acris-security depends on some core modules and tries to be as separate as possible. It is designed to fit into (hopefully) any environment, but currently we have integration with Spring Security only. Nevertheless, we are open to any discussion regarding extensions.
The client is built in JavaScript and transferred to the user, thus the logic primarily shows/hides or enables/disables the components. Server-side security is always required because you cannot rely on the information sent by the client.

Regarding documentation - it is not complete yet, we are working on it these days. The @Secured annotation on top of the class propagates authorities to the fields' @Secured, so you don't have to repeat it. For each field that has to be secured, the @Secured annotation must be put on top. The interface must be implemented so the generator can process it.

Approximately in two days the showcase will be available. If you have ideas worth discussing, feel free to open a thread in the group http://groups.google.com/group/acris .

On 3 July, 11:50, KaiWeing <[email protected]> wrote:
> Hello Ladislav,
>
> looks interesting! Could you answer me a few questions:
>
> Is it correct that I can use acris security independently of the
> other acris modules?
>
> Does it require Spring Security on the server side, or could I use
> something else?
>
> Are the restricted UI parts still transported to the client when the
> user is not authorized?
>
> Why do I need to implement an interface plus add an annotation?
>
> Thanks!
>
> Kai
>
> On 2 July, 17:32, Ladislav Gazo <[email protected]> wrote:
>
> > Hey Kai,
> >
> > there is a toolkit called AcrIS (http://acris.googlecode.com/) where
> > one of its parts is devoted to security - the acris-security module
> > (http://code.google.com/p/acris/wiki/Security). It handles client and
> > server security. On the client it is using annotations or manually
> > specified authorities. The server is spring-security based. Documentation
> > is in progress these days and will be finished by the release.
> >
> > BR,
> > Laco
> >
> > On 1 July, 14:07, KaiWeing <[email protected]> wrote:
> >
> > > Hello,
> > >
> > > we are evaluating GWT as a basis for different kinds of enterprise
> > > applications we have here. Some of those have controls which must only
> > > be displayed for users in a certain role, also, the decision which
> > > controls to display must be made at serverside, to avoid clientside
> > > manipulation.
> > >
> > > How can I implement such a requirement securely in GWT?
> > >
> > > Should this be solved via deferred binding (that would require that
> > > deferred binding could take the server-state into account)?
> > >
> > > Is there a pattern for this in GWT or any extension library?
> > >
> > > Thanks very much for your feedback!
> > >
> > > Kai
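
The point made in the reply above, that the client only shows or hides components while the server must enforce access itself, as an added example that is not part of the thread and does not use the acris-security or Spring Security API. The class, method, session and role names are hypothetical and the data is constructed:

```java
import java.util.*;

// Hypothetical names throughout; this is not the acris-security or Spring Security API.
public class ServerSideAuthzDemo {
    // Authority each control requires (constructed sample data).
    static final Map<String, String> CONTROL_AUTHORITY = Map.of(
        "viewReport", "ROLE_USER",
        "editSalary", "ROLE_HR",
        "deleteUser", "ROLE_ADMIN");

    // Server-side session store: session id -> authorities granted at login.
    static final Map<String, Set<String>> SESSIONS = Map.of(
        "sess-kai", Set.of("ROLE_USER"),
        "sess-hr", Set.of("ROLE_USER", "ROLE_HR"));

    // Tells the client which controls to render; the client only shows or hides them.
    static List<String> visibleControls(String sessionId) {
        Set<String> granted = SESSIONS.getOrDefault(sessionId, Set.of());
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : new TreeMap<String, String>(CONTROL_AUTHORITY).entrySet()) {
            if (granted.contains(e.getValue())) out.add(e.getKey());
        }
        return out;
    }

    // Every action is re-checked against the session; the role list sent by the client is never consulted.
    static String invoke(String sessionId, String control, Set<String> clientClaimedRoles) {
        String required = CONTROL_AUTHORITY.get(control);
        Set<String> granted = SESSIONS.getOrDefault(sessionId, Set.of());
        if (required == null || !granted.contains(required)) {
            throw new SecurityException("denied: " + control);
        }
        return "executed " + control;
    }

    public static void main(String[] args) {
        System.out.println(visibleControls("sess-kai"));
        System.out.println(invoke("sess-hr", "editSalary", Set.of()));
        try {
            // The request claims ROLE_ADMIN on the client side; the server ignores the claim.
            invoke("sess-kai", "deleteUser", Set.of("ROLE_ADMIN"));
        } catch (SecurityException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```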
