You can easily annotate secured panels with
@Secured("ONLY_ADMIN")
this panels will be available only to administrators. Other panels
will be available to every user.This is the client security, don't forget to handle secured methods/ access also on server side. Just have a look on: http://code.google.com/p/acris/wiki/Security and the showcase: http://acris.googlecode.com/svn/trunk/acris-security-showcase Peter On 16. Júl, 12:06 h., Thomas Broyer <[email protected]> wrote: > On 16 juil, 09:45, ehognestad <[email protected]> wrote: > > > I am using GWT for making an enterprise application, and I need to > > limit the access the users get to the application, so that > > administrators are able to see and edit stuff that normal users are > > not able to access. > > > For example a module inside the application could have a number of > > tabs, where some of the tabs should only be seen by administrators, > > and the others can be seen by anyone. > > > I want to know what the best way is to do this with GWT, could this be > > done with generators? > > This is a recurring question. The answers invariably are: > - yes it could be done at compile-time, generating N version of the > application and choosing at runtime which one to use (i.e. in the JSP > or servlet or whatever that serves the HTML host page, generate the > appropriate <script src=""> tag) > - you'd have to handle security on the server-side anyway, so you > could also have a single app that just doesn't show some tabs, > buttons, etc. if the current user is not an admin: the "screens" and > GWT-RPC (or whatever) are present in the code, but are harmless > because the server will reject calls to admin resources from non-admin > users. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
