Hi zixzigma,

doing security in the client would be wrong. Remember you are doing client-server with GWT (not fat client as classical web technology does). The client should only receive data which are allowed for the current user role. The client is never ever a trusted component! So in the end any client-based security concept (based on annotations or whatever else) is just a misconception.

The server is the only place where security can apply. But GWT is mainly a client-side topic. Authentication-based security or role-based security will never be a GWT (client) topic.

Stefan Bachert
http://gwtworld.de

On 30 Oct., 10:35, zixzigma <[email protected]> wrote:
> Hello everyone,
>
> I have some questions regarding implementing security in GWT.
>
> It's a typical use case:
> let's say in your app, users can have different roles,
> and you want to show only the relevant part of the UI, based on their
> role.
>
> and I am talking about more than 3 roles.
> e.g. (Customer, BranchManager, Teller, CEO, System Admin)
> (after all GWT is for larger apps, right?)
>
> on the back-end, I am planning to use Spring, and I'm going to use
> Spring Security,
> for authentication, fine-grained authorization (method level, ACL),
> it is a very mature framework and annotation based.
>
> however, when it comes to the front-end UI, I don't know what is the
> recommended practice to incorporate role-based security in MVP. (I
> don't want the security checks to get scattered across all methods on the
> client, bloated code, if statements everywhere, security is a
> cross-cutting concern, right? should I put it in the Activity/Presenter?)
>
> I see GWT 2.1 release addresses security concerns, for cross-site
> scripting, and introducing SafeHtml.
> but nothing related to authorization.
>
> I would appreciate your insights and any feedback from the Google team,
> perhaps a tutorial addressing this aspect of application security is
> really needed!
>
> is it possible for the GWT team to introduce annotation-based support for
> addressing security?
> does it make sense at all, or am I missing something?
>
> what have been your experiences in implementing security in GWT?
>
> Thank You
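The split discussed in this thread, as an added example that is not part of either post: one server-side policy table both enforces every call and tells the client which UI parts to show, so the client holds no security logic of its own. The class, method and action names are hypothetical, and the plain-Java check is a stand-in for what Spring Security's method-level authorization would do in the stack the question describes.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class ServerSideRoleCheck {
    // Roles taken from the question; action names below are hypothetical.
    enum Role { CUSTOMER, BRANCH_MANAGER, TELLER, CEO, SYSTEM_ADMIN }

    // Single policy table kept on the server: action -> roles allowed to perform it.
    static final Map<String, Set<Role>> POLICY = Map.of(
        "viewOwnAccount", EnumSet.allOf(Role.class),
        "approveLoan", EnumSet.of(Role.BRANCH_MANAGER, Role.CEO),
        "manageUsers", EnumSet.of(Role.SYSTEM_ADMIN));

    // Returned to the client after login. It only drives which widgets are
    // shown; it grants nothing, because every call is checked again below.
    static Set<String> permittedActions(Role sessionRole) {
        Set<String> actions = new TreeSet<>();
        POLICY.forEach((action, roles) -> {
            if (roles.contains(sessionRole)) actions.add(action);
        });
        return actions;
    }

    // Enforcement point, called first in every RPC handler. The role must come
    // from the server-side session, never from a value the client sends.
    static void require(Role sessionRole, String action) {
        Set<Role> allowed = POLICY.get(action);
        if (allowed == null || !allowed.contains(sessionRole)) {
            throw new SecurityException("denied: " + action);
        }
    }

    // Example RPC handler: the check is one line, not scattered if statements.
    static String approveLoan(Role sessionRole, int loanId) {
        require(sessionRole, "approveLoan");
        return "loan " + loanId + " approved";
    }

    public static void main(String[] args) {
        System.out.println(permittedActions(Role.TELLER));
        System.out.println(approveLoan(Role.BRANCH_MANAGER, 42));
        try {
            // A request for an action whose button the client UI never showed.
            approveLoan(Role.TELLER, 42);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```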
