On 27 August, 14:19, André Moraes <[email protected]> wrote:
> When using split points the code is loaded only when it is needed, so
> the application loads faster and the user doesn't need to download code
> that is not used. This is very nice.
>
> But how can I control the code that the user can load, suppose the
> following scenario:
>
> 1- Operational user: load the invoice module so they can store the
> invoices sent.
> 2- Manager user: load the sales module so they can see how many
> invoices were made in the current month.
>
> Making this with split point is very easy, we can create a custom GWT
> property (and use deferred binding) or check a cookie value and get
> the type of user and then load only the module for that user.
>
> But this is not secure, since the user can load the module that should
> not be available to him.
>
> The question: How can I check which compilation (strong name) will be
> loaded by which split-point (GWT.async) so that I can check on server
> and send a 403 status code?
>
> I believe that it will involve some Linkers/Generators, but I don't
> know where to begin.

I'd rather make two completely distinct modules (i.e. two apps), and
load the appropriate one (the appropriate *.nocache.js) depending on
the user.

In any case, there's no need to filter out the app JS code
(*.cache.html) from the users (it will hurt caching too), as long as
your server denies requests to *data* (and services, or whatever you
call them) to unauthorized users (i.e. even if the operational user
finds out how to launch the sales module, it won't have access to the
invoices data, making it useless).

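The reply's point, enforcing access on the data services rather than on the compiled JavaScript, shown as a servlet filter. This is an added example, not code from the thread or from GWT; the class name, service paths and role names are hypothetical, and it assumes the container authenticates the user and that the filter is mapped to `/app/*` (javax.servlet API, Java 9+).

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Gates the data services by role; the compiled JS stays public and cacheable. */
public class ServiceRoleFilter implements Filter {

    // Hypothetical service paths and role names, chosen for this example.
    private static final Map<String, String> REQUIRED_ROLE = Map.of(
            "/app/invoiceService", "operational",
            "/app/salesService", "manager");

    @Override public void init(FilterConfig config) {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Use the container's decoded, normalized path rather than the raw URI,
        // so ";param" suffixes or encoded characters cannot slip past the match.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) path += request.getPathInfo();

        for (Map.Entry<String, String> rule : REQUIRED_ROLE.entrySet()) {
            String prefix = rule.getKey();
            if (path.equals(prefix) || path.startsWith(prefix + "/")) {
                // The role comes from the server-side authenticated session,
                // never from a cookie or GWT property the client controls.
                if (!request.isUserInRole(rule.getValue())) {
                    response.sendError(HttpServletResponse.SC_FORBIDDEN);
                    return;
                }
            }
        }
        chain.doFilter(req, res); // static code and permitted service calls pass through
    }

    @Override public void destroy() {}
}
```

Paths without a rule pass through untouched, so every new data service needs its own entry in `REQUIRED_ROLE` before it is deployed.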