Hi Daniel, Thanks for your reply. I have read posts on this topic before I created my own and I realize that there are concepts where a separation of entrypoints makes sense. However, in my case large portions (90%) of the UI are identical to all roles and only small parts (individual buttons, tabs,...) have access restrictions, so creating a separate entrypoint wouldn't make much sense, same goes for the IP. I don't know how much you are aware of spring security, but they have tag libraries that enable you to show / hide components based on roles. Is there a similar concept for gwt?
Thanks, Steve L. On Sep 17, 10:45 am, Daniel Jue <[email protected]> wrote: > It's been discussed before, you should do a search. I think the > consensus is to have any security related or sensitive portions in > it's own entrypoint, so that the clientside code is not downloaded. > Also you can restrict access to the security entrypoint on the server > via IP, etc. > > Some other ways have been proposed, which are simpler and or less secure. > > On Thu, Sep 17, 2009 at 12:38 AM, Steve Lancey <[email protected]> wrote: > > > Hi, > > > Is there a common way / or design strategy to show/hide or enable/ > > disable gwt widgets based on a predefined role/access rights. > > I.e. if a user with role 'admin' is accessing the application an admin > > button is visible, which is not visible in the case a user with role > > 'guest' is accessing the page. > > > Thanks in advance, > > > Steve L. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
