There is a pure GWT solution here: GWT Spring Security Integration (PURE 
GWT, NO JSP) 
<http://stackoverflow.com/questions/13914547/gwt-spring-security-integration-pure-gwt-no-jsp>

1. Do not use the http element at all (the http tag from the config namespace)

2. Define your AuthenticationRpcService

3. Add an AuthenticationRpcService.authenticate(user,password) method

4. Inject the AuthenticationProvider bean from security-context.xml into 
AuthenticationServiceImpl

5. Implement AuthenticationRpcService.authenticate(user,password) as:

// login/password: the credentials passed to authenticate(...).
User user = new User(login, password, true, true, true, true,
        new ArrayList<GrantedAuthority>());
Authentication auth = new UsernamePasswordAuthenticationToken(user, password,
        new ArrayList<GrantedAuthority>());
try {
    // Delegate the credential check to the injected AuthenticationProvider.
    auth = this.authenticationProvider.authenticate(auth);
} catch (BadCredentialsException e) {
    // Rethrow as the client-side exception type so the GWT client sees the failure.
    throw new ClientSideBadCredentialsException(e.getMessage(), e);
}
// Publish the authenticated token in a fresh SecurityContext.
SecurityContext sc = new SecurityContextImpl();
sc.setAuthentication(auth);

SecurityContextHolder.setContext(sc);

6. Ensure that the Spring Security filter chain is executed during processing 
of each of your GWT RPC calls (to be sure that the SecurityContext is 
populated into SecurityContextHolder).

7. Secure all business services with @RolesAllowed({ "ADMIN_ROLE", 
"USER_ROLE" }) annotations

8. Prepare your own ClientSideAccessDeniedException that can be used on the 
client side

9. In the case of a Spring AccessDeniedException, propagate 
ClientSideAccessDeniedException to the client side

10. On the client side, set up an UncaughtExceptionHandler via 
GWT.setUncaughtExceptionHandler

11. In the UncaughtExceptionHandler, detect CustomAccessDeniedException and 
then show an error to the user.

The big problem with this solution is that every service must be annotated, 
so is there any elegant solution to this problem?

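A sketch of steps 10 and 11 on the client, added here as an example and not part of the original message. The exception class is an assumed shape for the step 8 exception (the message does not show it), and the handler name and alert text are hypothetical. GWT wraps exceptions thrown from event handlers in an UmbrellaException, so the handler unwraps those and walks the cause chain before deciding.

```java
import com.google.gwt.core.client.GWT;
import com.google.gwt.user.client.Window;
import com.google.web.bindery.event.shared.UmbrellaException;

// Assumed shape of the step 8 exception. In a real module it lives in a
// package shared by client and server so GWT RPC can serialize it.
class ClientSideAccessDeniedException extends RuntimeException {
    public ClientSideAccessDeniedException() { }   // no-arg constructor for GWT RPC
    public ClientSideAccessDeniedException(String message) { super(message); }
}

// Hypothetical handler name; install it once at module start-up.
public final class AccessDeniedHandler implements GWT.UncaughtExceptionHandler {

    private static final int MAX_DEPTH = 8;  // guard against cyclic cause chains

    /** Step 10: call from EntryPoint.onModuleLoad(). */
    public static void install() {
        GWT.setUncaughtExceptionHandler(new AccessDeniedHandler());
    }

    /** Step 11: tell the user about denied access, log everything else. */
    @Override
    public void onUncaughtException(Throwable e) {
        if (isAccessDenied(e, 0)) {
            // Fixed text: the server-side message is not echoed to the user.
            Window.alert("You are not allowed to perform this action.");
        } else {
            GWT.log("Uncaught client-side exception", e);
        }
    }

    /** True if the throwable, any wrapped cause, or any umbrella member is an access denial. */
    static boolean isAccessDenied(Throwable t, int depth) {
        if (t == null || depth > MAX_DEPTH) {
            return false;
        }
        if (t instanceof ClientSideAccessDeniedException) {
            return true;
        }
        if (t instanceof UmbrellaException) {
            for (Throwable cause : ((UmbrellaException) t).getCauses()) {
                if (isAccessDenied(cause, depth + 1)) {
                    return true;
                }
            }
            return false;
        }
        return isAccessDenied(t.getCause(), depth + 1);
    }
}
```

This handler only decides what the user sees; access is still enforced on the server by the annotations from step 7.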