On Mar 5, 11:17 am, Chris Lercher <[email protected]> wrote: > I personally wouldn't expect an authentication/authorization component > from a client side framework. Especially, because the login/logout > often happens outside the context of the GWT app.
Often is not always. The GWT app needs to know about login/logout though. > Security can only be provided by the server. Not sure i fully understand what you are getting at here. Yes, your data is coming from the server, just as all data from a web application which does anything. The client still needs to know various things about who is logged in and what they can see. > > Yes, you're right, the GWT documentation (or some blog somewhere) > could provide an example how to set things up for different scenarios > (note that there _is_ documentation on this for AppEngine in the GWT > tutorial! And it involves only a few steps.) GWT does not have to be used as part of the AppEngine. >From my perspective, security bridges both the client and the server. Right now it is very painful to implement and feel good that you covered all the basis. IMO, the whole point of a Web Application Framework is to simplify development. Authentication/Authorization is currently a pain in the ass to deal with and I do not see why it needs to be. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
