It's been discussed before, you should do a search. I think the consensus is to have any security related or sensitive portions in it's own entrypoint, so that the clientside code is not downloaded. Also you can restrict access to the security entrypoint on the server via IP, etc.
Some other ways have been proposed, which are simpler and or less secure. On Thu, Sep 17, 2009 at 12:38 AM, Steve Lancey <[email protected]> wrote: > > Hi, > > Is there a common way / or design strategy to show/hide or enable/ > disable gwt widgets based on a predefined role/access rights. > I.e. if a user with role 'admin' is accessing the application an admin > button is visible, which is not visible in the case a user with role > 'guest' is accessing the page. > > Thanks in advance, > > Steve L. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
