In my app I'm doing the security checks on the client- as well as on the server-side. After the user successfully logged into the app, the UserManager containes among other things a set of roles which are assigned to the current user enabling the role-checks without any rpc- callbacks. The client checks are done to provide only the necessary UI - only the system functions which can actually be accessed by the current user. The server checks provides the "true" security, ensuring that only the users with the corresponding rights can access the services.
As I'm working with the gwt-presenter, I'm doing the checks also within the Places objects. But also in the presenters if it's needed. On 2 Mrz., 20:14, csaffi <[email protected]> wrote: > On 2 Mar, 14:31, Lukasz <[email protected]> wrote: > > > I'm doing it by providing a self-implemented UserManager object on the > > client. It contains the currently signed in user and provides methods > > for access or role checks e.g. canEditUser(). This UserManager object > > is an singleton injected via gin into all relevant presenters (as you > > see I'm also using the MVP pattern in my app). When the presenter is > > rendering the view, it can check which functionality should be enabled > > or disabled. > > > HTH, > > Lukasz > > Thank you Lukasz. > Does UserManager check user roles server-side with an RCP call? -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
