here https://github.com/jofrantoba/devol a example
<https://plus.google.com/u/0/102716337197852293734/about> * <https://www.facebook.com/KiongoCompany> <https://www.linkedin.com/company/kiongo-inc> <https://twitter.com/kiongoinc> <https://www.youtube.com/channel/UC1HKa8IPofVRmeAFZ22m3HQ> * Jonathan Franchesco Torres Baca CIO - Kiongo Inc. Av. Manuel Seoane 761 2do Piso- La Victoria Teléfono 074 - 613534 Cel. 958429349 La información contenida en este e-mail es confidencial, privilegiada y está dirigida exclusivamente a su destinatario. Su revisión, difusión, distribución o copiado está prohibido. Si ha recibido este e-mail por error por favor bórrelo y envíe un mensaje al remitente. The information contained in this e-mail is privileged and confidential and is intended only for its addressee. Any review, dissemination, distribution or copying of this is prohibited. If you have received this mail in error please delete the original message and e-mail us. 2015-12-10 11:22 GMT-05:00 <[email protected]>: > Thank you Ümit! > I will follow the second approach. It is also described a bit better. > > > > > On Wednesday, December 9, 2015 at 3:37:15 PM UTC+2, Ümit Seren wrote: >> >> Well as for any SPA (Single Page App) authentication and authorization >> is a concern of the server and not really the client. >> >> This is how I usually do it: >> 1.) Make the index.html page dynamic. The backend adds information >> whether the user is logged in or not ( >> http://www.gwtproject.org/articles/dynamic_host_page.html) when it is >> rendered. >> 2.) When GWT loads check the host page and retrieve the user information. >> If the user is not logged in, display Login Button/Menu item or whatever. >> 3.) When the user clicks on the login menu item/button you can either a.) >> open a GWT dialog and display a form that creates a post request to the >> backend server or b.) navigate to a seprate Non-GWT login page with a >> similar form. (I prefer the Non-GWT login page because it is a bit easier) >> 4.) Once the user submits the form with the credentials, the backend will >> check if the user credentials are correct and if so will create a session >> (using a session cookie for example). Usually the backend server/framework >> will handle this for you. >> 5.) For the Non-GWT login page you just need to redirect to the dynamic >> index.html (for the GWT dialog option you probably need to refresh the >> site). >> >> Based on the user information that you retrieve from the dynamic >> index.html page you can hide and display specific UI elements. >> Nevertheless there is one important rule: *YOU SHOULD NEVER TRUST THE >> CLIENT. * >> So you must validate and check every GWT request to the backend. Usually >> this can be done by a backend framework automcatically. For example with >> Spring you can annote your service layer with security annotations and the >> backend will throw an AccessDenied Exception. >> >> The second example you posted is basically describing this approach and >> you don't really mix GWT and Spring here because GWT has no idea of the >> Spring context. >> >> >> >> >> On Wednesday, December 9, 2015 at 12:12:10 PM UTC+1, [email protected] wrote: >>> >>> Hello all, >>> >>> I have found GWT project documentation and examples at website >>> fantastic. All major subjects are described with nice examples. What do I >>> really miss there is user login and security (sessions, validation, etc.) >>> Can't really imagine any web-project without user handling. For sure Google >>> has found many articles in this area and basically there are two options as >>> I understand: >>> >>> 1. >>> >>> https://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ >>> 2. >>> >>> http://examples.javacodegeeks.com/enterprise-java/gwt/gwt-spring-security-example/ >>> >>> The first article seems to be a bit old though it describes basic >>> principles of custom log-on implementation. Second one seems to be more >>> solid, but I am a bit scare of the fact that just for single page I need to >>> add Spring context. Mixing GWT and Spring does not make me confident I am >>> doing right thing. Is there other ways to do log-on or these two patterns >>> are the most common? >>> >>> >>> >>> Thank you. >>> >> -- > You received this message because you are subscribed to the Google Groups > "GWT Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/google-web-toolkit. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
