@jhulford - That won't actually "secure" the admin UI, since anyone can still download the UI by requesting that particular permutation. **If the UI itself is sensitive** then you should consider other ways of protecting it. But if, as is far more likely, it's the *data* that is sensitive, then just let everyone download the admin UI along with everything else (unless you feel like trying out runAsync) and then make sure that your data services are secure (see the FAQ I posted before).
@Nickelnext - That's right, you can't serialize a Widget object. What you could do, if you wanted to go down that path, is to serialize data that describes a Widget and write code on the client to create Widgets based on that description. But as I stated in my reply to jhulford, I would only do that after careful consideration which results in the conclusion that my UI itself, the boxes and lines and pretty pictures, are sensitive and warrant such measures. I have never come to that conclusion in a GWT app. I always just secure the data. - Isaac On Thu, Jul 30, 2009 at 11:20 AM, jhulford<[email protected]> wrote: > > I think what they're saying is use a pair of deferred bindings for > your application. One for the standard use case and another for the > admin use case. The standard case should never reference the admin > tab and therefore the code that is contained in that tab or referenced > in it should be dead-code eliminated by the compiler pass that > generates the javascript/etc for the standard case binding option - > ergo users can't manipulate the javascript to get into the admin > section. For the admin case, it will contain the admin tabs and the > others. For users that authenticate as an admin you can set the > binding option (meta tag is easiest) on your host page to indicate to > the GWT loader that it should load the admin page instead of the > standard one. > > On Jul 30, 8:16 am, Nickelnext <[email protected]> wrote: >> I tried this way but i cannot make my AdminPanel (extends >> verticalPanel) serializable, so i cannot transfer it like an object >> through rpc... > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
