I understand that. But you can't trust the client. If someone who has read-only access tries to write, the server has to reject such a request. In other words, how do you implement authorization?
Thank you,
Andrey

On Jun 23, 4:42 pm, Chad <[email protected]> wrote:
> Permissions aren't really checked on the server. I have tables in a
> database for users, roles, and rights. And I have tables that link
> them together users_roles and roles_rights. When the user logs in, and
> authentication is complete, the user data is retrieved along with the
> roles the user belongs to and the rights that belong to each role. The
> roles and rights are added to the user and sent back to the client.
> From that point on, the application can just query the user object for
> everything that it needs to know about the user.
>
> HTH,
> Chad
>
> On Jun 23, 3:28 pm, ailinykh <[email protected]> wrote:
>
> > I see. How do you check user permissions on server side?
>
> > Andrey
>
> > On Jun 23, 2:47 pm, Chad <[email protected]> wrote:
>
> > > Andrey,
>
> > > RPC is the way I do it. I have a User object that can be passed
> > > between the client and server. It's kept on the client after login so
> > > the entire UI can easily refer to it. My security scheme contains
> > > roles that are a collection of rights. On the server side, at the time
> > > of login, the roles and rights are retrieved from the database for the
> > > user and added to the user object. The user object is only retrieved
> > > from the server once since it is not stored anywhere (other than in
> > > memory) on the client side. When the app is first entered, the user
> > > object won't exist and therefore require a login. On the client side,
> > > the UI can use the existence (or non-existence) of rights to determine
> > > what to display:
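The server-side check asked about in this thread, as an added example that is not part of any poster's message or of GWT itself: the server resolves rights from its own role tables, keyed by the session it created at login, and never reads rights sent by the client. The maps stand in for the `users_roles` and `roles_rights` tables; the session store, user names, right names and `saveDocument` method are hypothetical.

```java
import java.util.*;

public class ServerSideAuthz {
    // Constructed stand-ins for the users_roles and roles_rights tables.
    static final Map<String, Set<String>> USERS_ROLES = Map.of(
        "alice", Set.of("editor"),
        "bob", Set.of("viewer"));
    static final Map<String, Set<String>> ROLES_RIGHTS = Map.of(
        "editor", Set.of("document.read", "document.write"),
        "viewer", Set.of("document.read"));

    // Hypothetical session store: session id -> user name, filled in at login.
    static final Map<String, String> SESSIONS = new HashMap<>();

    // Resolve the right from server-side data only; unknown session means deny.
    static boolean hasRight(String sessionId, String right) {
        String user = SESSIONS.get(sessionId);
        if (user == null) return false;
        for (String role : USERS_ROLES.getOrDefault(user, Set.of())) {
            if (ROLES_RIGHTS.getOrDefault(role, Set.of()).contains(right)) return true;
        }
        return false;
    }

    // Stand-in for an RPC service method. clientClaimedRights models the rights
    // carried in the client-side User object; it is deliberately never consulted.
    static String saveDocument(String sessionId, Set<String> clientClaimedRights, String body) {
        if (!hasRight(sessionId, "document.write")) {
            throw new SecurityException("document.write required");
        }
        return "saved " + body.length() + " chars";
    }

    public static void main(String[] args) {
        SESSIONS.put("s1", "alice");
        SESSIONS.put("s2", "bob");
        System.out.println(saveDocument("s1", Set.of(), "hello"));
        try {
            // bob's client claims write access; the server ignores the claim.
            saveDocument("s2", Set.of("document.write"), "hello");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```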
