There is a pure GWT solution here:GWT Spring Security Integration (PURE
GWT, NO JSP)
<http://stackoverflow.com/questions/13914547/gwt-spring-security-integration-pure-gwt-no-jsp>
1,Do not use http element at all (http tag from config namespace)
2,Define your AuthenticationRpcService
3,Add AuthenticationRpcService.authenticate(user,password) method
4,Inject into AuthenticationServiceImpl AuthenticationProvider bean from
security-context.xml
5,Implement AuthenticationRpcService.authenticate(user,password) as :
User user = new User(login, password, true, true, true, true, new
ArrayList<GrantedAuthority>());
Authentication auth = new UsernamePasswordAuthenticationToken(user, password,
new ArrayList<GrantedAuthority>());
try {
auth = this.authenticationProvider.authenticate(auth);
} catch (BadCredentialsException e) {
throw new ClientSideBadCredentialsException(e.getMessage(), e);
}
SecurityContext sc = new SecurityContextImpl();
sc.setAuthentication(auth);
SecurityContextHolder.setContext(sc);
6,Ensure that spring security filter chain is executed during processing of
each your GWT RPC call (to be sure that SecurityContext populated into
SecurityContextHolder).
7,Secure all business services with @RolesAllowed({ "ADMIN_ROLE",
"USER_ROLE" }) annotations
8,Prepare your own ClientSideAcessDeniedException that can be used on
client side
9,In a case of spring AcessDeniedException propogate
ClientSideAcessDeniedException to client side
10,On client side set up UncaughtExceptionHandler via
GWT.setUncaughtExceptionHandler
11,In UncaughtExceptionHandler detect CustomAcessDeniedException and then
show error to user.
The big problem of this solution is that every service must be annotated,so
any elegant solution to solve this problem?
--
You received this message because you are subscribed to the Google Groups "GWT
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
