Hi, Here is my take on how to do ACL (Access Control Lists) on a GWT RPC server (servlet).
http://cvs.adligo.org/viewvc/adi_gwt_rpc_servlet/src/org/adligo/i/adi/server/rpc/AdiControllerServlet.java?view=markup Spring Security (and all other web 1.0 style HttpFilter security can only secure at the url level (servlet mapping), the above servlet allows you to inject security filter code right after de-serilization). Cheers, Scott On Nov 24, 9:00 am, Baloe <[email protected]> wrote: > Hi, > > Yup of course, I am talking about the serverside, 'RPC' is quite > serverside ;) > > Thanks for the suggestions, I'm looking into these. > > Thanks! > Niels > > On 24 nov, 13:53, Didier Durand <[email protected]> wrote:> Hi Baloe, > > > You should definitely implement security in the back-end rather than > > in the front-end: you have to keep in mind that your back-end may be > > called by something else than your js code generated by GWT. You're > > then in bad shape if your back-end services accept any request without > > checking. > > > So, make sure that the framworks / mechanisms that you use respect > > this. > > > regards > > didier > > > On Nov 24, 1:33 pm, ep <[email protected]> wrote: > > > > hi, you might want to take a look athttp://code.google.com/p/gwt-security/ > > > orhttp://code.google.com/p/acris/ > > > > On 24 Nov., 11:56, Baloe <[email protected]> wrote: > > > > > Hi all, > > > > > I wonder what is the best way to put ACL in our GWT project. Is there > > > > any mechanism in GWT build-in to grand users to specific RPC calls, or > > > > something similar? Our should we just insert Spring Security > > > > somewhere? > > > > > Thanks for any hints! > > > > Niels -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
