Hi Kevin, thanks for your answer. I tried to do it on the interface my server-side code uses as the implementation contract but I was using a JSR-250 annotation @RolesAllowed, which wasn't on my client scope.
I just tried the @PreAuthorize annotation and it seems to work on the client-side. Do I need the DispatcherServlet in order to make the annotation works? 2011/7/7 Kevin Jordan <[email protected]> > It's been a while since I've set mine up to do this, but when you say > you're setting them in the interface on the client side, are you > trying them on the Async interface or the interface your server-side > code implements off of? If you do it on the interface your server- > side code uses as the implementation contract, it will automatically > get those for spring security to check on the server-side and if you > set them up with spring doing the intercepting of the URL with > something such as org.springframework.web.servlet.DispatcherServlet > and in its myservletnamefromwebxml-servlets.xml, do something like > <?xml version="1.0" encoding="UTF-8"?> > <beans xmlns="http://www.springframework.org/schema/beans"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns:util="http://www.springframework.org/schema/util"; > xsi:schemaLocation=" > http://www.springframework.org/schema/beans > http://www.springframework.org/schema/beans/spring-beans-3.0.xsd > http://www.springframework.org/schema/security > > http://www.springframework.org/schema/security/spring-security-3.0.xsd > http://www.springframework.org/schema/util > http://www.springframework.org/schema/util/spring-util-3.0.xsd";> > > <bean id="urlMapping" > class="org.gwtwidgets.server.spring.GWTHandler"> > <property name="mappings"> > <map> > <entry key="/myService.rpc" > value-ref="MyRPCService" /> > </map> > </property> > </bean> > </beans> > > Note that I'm using the GWTHandler bean from gwt-sl (http:// > sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to > do the URL mapping since it does better integration with GWT than > spring's built-in handlers do. > > You may also want to look into gwtsecurity to send better exceptions > to your client: http://code.google.com/p/gwtsecurity/ > > On Jul 7, 1:02 pm, Renato Beserra <[email protected]> wrote: > > Thanks for your answer. > > > > I considered something like that, but every restricted rpc method > > implementation has to call another method, with its own interface secured > by > > annotations, right? > > > > 2011/7/7 Juan Pablo Gardella <[email protected]> > > > > > > > > > > > > > > > > > > > > > Hi Renato, > > > > > I have a service layer, so in this method I use JSR250 > > > <http://en.wikipedia.org/wiki/JSR_250>annotations, Spring security can > > > work with this API. In client side I don't protect the invocations. In > > > server side, spring security throws an exception, if try to access to a > > > protected method, and travel to the client. I wrap it in a class and > show an > > > alert to the user. > > > > > Juan > > > > > 2011/7/7 Renato Beserra <[email protected]> > > > > >> Hi, > > > > >> I am integrating a GWT application with Spring Security and I got a > great > > >> example on a previous thread - > > >> > http://groups.google.com/group/google-web-toolkit/browse_thread/threa.... > > > > >> But now I want to secure my rpc calls, but i have a problem: Spring > > >> Security provides some annotations that i should use on the method > > >> declaration. But in GWT RPC the interface should be defined on client > side, > > >> so the annotation is not valid. > > > > >> Is there a simpler solution other than making my rpc implementation to > > >> call a secured method on the server-side? > > > > >> Thanks in advance. > > > > >> -- > > >> Renato Beserra Sousa > > > > >> -- > > >> You received this message because you are subscribed to the Google > Groups > > >> "Google Web Toolkit" group. > > >> To post to this group, send email to > [email protected]. > > >> To unsubscribe from this group, send email to > > >> [email protected]. > > >> For more options, visit this group at > > >>http://groups.google.com/group/google-web-toolkit?hl=en. > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Google Web Toolkit" group. > > > To post to this group, send email to > [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]. > > > For more options, visit this group at > > >http://groups.google.com/group/google-web-toolkit?hl=en. > > > > -- > > Renato Beserra Sousa > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > > -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
