Hello everyone, I have some questions regarding implementing security in GWT.
It's a typical use case: let's say in your app, users can have different roles, and you want to show only the relevant part of the UI, based on their role. and I am talking about more than 3 roles. eg:(Customer, BranchManager, Teller, CEO, System Admin) (after all GWT is for larger apps, right ? ) on the back-end, i am planning to use Spring, and i'm going to use Spring Security, for authentication, fine-grained authorization, (method level, ACL), it is a very mature framework and annotation based. however, when it comes to the front-end UI, I don't know what is the recommended practice to incorporate role-based security in MVP. (i don't want the security checks get scattered across all methods on the client, bloated code, if statements everywhere, security is a cross- cutting concern, right? should i put it in the Activity/Presenter ?) I see GWT 2.1 release addresses security concerns, for cross-site scripting, and introducing SafeHtml. but nothing related to authorization. I would appreciate your insights and any feedback from google team, perhaps a tutorial addressing this aspect of application security is really needed ! is it possible for GWT team to introduce annotation-based support for addressing security ? does it make sense at all, or i'm missing something. what have been your experiences in implementing security in GWT ? Thank You -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
