Here is what I usually do: I split the RPC API into pieces; one servlet for user functions, one servlet for admin functions, etc..., each at it's own URL of course.
Then I add role based access using filters; The filters are configured against the servlet URL. This way I do not need to deserialize or analyze the RPC call, to determine what authorization is required. Jamie. ----------------------- Search for analog and digital television broadcast antennas in your area: http://www.antennamap.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
