Hi All,

We are planning to use GWT RPC as a frontend for a rather large project in terms of the number of different user profiles and the number of different logical tabs/windows, where a user can access only those functionalities for which he has permissions. On the client side a specific, let's say, button or window will not be rendered if the user does not have privileges, while on the server side services will be declaratively secured, and even if the user somehow managed to call a service for which he does not have access rights, access will be denied. We are using a pretty basic security model: permission, role, user, where at the UI all permissions for a given user (via his roles) will be pulled and then enforced (the UI developer will statically bind a specific permission to a specific UI action).
The same specific functionality (button) may be logically present in multiple locations in the GUI, and client-side enforcement would have to take that into account.

Questions where the help of the community would be appreciated are:

1) What are the best practices when it comes to client-side RPC (declarative?) security enforcement?
2) Should we, say, for every widget (button etc.) override the isVisible() method and then check (assuming here that the GWT runtime will call the JavaScript equivalent of the isVisible() Java method at render time from within the JavaScript runtime) if the user has permission to see the given component?
3) Should we cache the user's permissions in some kind of JavaScript cache, or cache them on the server side and then make a call from JavaScript to the server to see if a specific component/button should be rendered based on the user's privileges? If the server-side approach is preferred, will GWT RPC not have performance problems?

Thanks in advance for any tips you may have.
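The permission/role/user model described in the post, sketched as an added example that is not part of the original message and uses plain Java rather than GWT APIs. All class, method, role, permission and user names are assumptions made for illustration; the point shown is that the cached client-side set only decides what is rendered, while the server repeats the check on every call.

```java
import java.util.*;

public class PermissionModelDemo {
    // Constructed sample data: role -> permissions and user -> roles.
    static final Map<String, Set<String>> ROLE_PERMS = Map.of(
        "clerk", Set.of("invoice.view"),
        "manager", Set.of("invoice.view", "invoice.approve"));
    static final Map<String, Set<String>> USER_ROLES = Map.of(
        "alice", Set.of("manager"), "bob", Set.of("clerk"));

    // Server side: flatten the user's roles into one permission set.
    static Set<String> permissionsOf(String user) {
        Set<String> out = new TreeSet<>();
        for (String role : USER_ROLES.getOrDefault(user, Set.of()))
            out.addAll(ROLE_PERMS.getOrDefault(role, Set.of()));
        return out;
    }

    // Server side: authoritative check on every service call, keyed on the
    // user held in the server session, never on a value sent by the client.
    static String approveInvoice(String sessionUser, int invoiceId) {
        if (!permissionsOf(sessionUser).contains("invoice.approve"))
            throw new SecurityException("access denied: invoice.approve");
        return "invoice " + invoiceId + " approved by " + sessionUser;
    }

    // Client side: permissions pulled once after login and cached. The UI
    // developer binds one permission name to each action (hypothetical helper).
    static final class ClientSession {
        private final Set<String> cached;
        ClientSession(Set<String> fromServer) { cached = Set.copyOf(fromServer); }
        boolean shouldRender(String required) { return cached.contains(required); }
    }

    public static void main(String[] args) {
        ClientSession bobUi = new ClientSession(permissionsOf("bob"));
        System.out.println("bob sees approve button: " + bobUi.shouldRender("invoice.approve"));
        // A call that bypasses the hidden button is still refused by the server.
        try {
            approveInvoice("bob", 42);
        } catch (SecurityException e) {
            System.out.println("server: " + e.getMessage());
        }
        ClientSession aliceUi = new ClientSession(permissionsOf("alice"));
        System.out.println("alice sees approve button: " + aliceUi.shouldRender("invoice.approve"));
        System.out.println("server: " + approveInvoice("alice", 42));
    }
}
```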
