You'll need to have your service invoked as a Spring Bean somehow to make the annotations take effect. It won't work as just a servlet entry in your web.xml. DispatcherServlet is one of the easiest way to make it do that.
On Jul 8, 7:11 am, Renato Beserra <renatobese...@gmail.com> wrote: > Hi Kevin, thanks for your answer. > > I tried to do it on the interface my server-side code uses as the > implementation contract but I was using a JSR-250 annotation @RolesAllowed, > which wasn't on my client scope. > > I just tried the @PreAuthorize annotation and it seems to work on the > client-side. Do I need the DispatcherServlet in order to make the annotation > works? > > 2011/7/7 Kevin Jordan <ke...@kjordan.net> > > > > > > > > > > > It's been a while since I've set mine up to do this, but when you say > > you're setting them in the interface on the client side, are you > > trying them on the Async interface or the interface your server-side > > code implements off of? If you do it on the interface your server- > > side code uses as the implementation contract, it will automatically > > get those for spring security to check on the server-side and if you > > set them up with spring doing the intercepting of the URL with > > something such as org.springframework.web.servlet.DispatcherServlet > > and in its myservletnamefromwebxml-servlets.xml, do something like > > <?xml version="1.0" encoding="UTF-8"?> > > <beans xmlns="http://www.springframework.org/schema/beans" > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > > xmlns:util="http://www.springframework.org/schema/util" > > xsi:schemaLocation=" > > http://www.springframework.org/schema/beans > > http://www.springframework.org/schema/beans/spring-beans-3.0.xsd > > http://www.springframework.org/schema/security > > >http://www.springframework.org/schema/security/spring-security-3.0.xsd > > http://www.springframework.org/schema/util > >http://www.springframework.org/schema/util/spring-util-3.0.xsd"> > > > <bean id="urlMapping" > > class="org.gwtwidgets.server.spring.GWTHandler"> > > <property name="mappings"> > > <map> > > <entry key="/myService.rpc" > > value-ref="MyRPCService" /> > > </map> > > </property> > > </bean> > > </beans> > > > Note that I'm using the GWTHandler bean from gwt-sl (http:// > > sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to > > do the URL mapping since it does better integration with GWT than > > spring's built-in handlers do. > > > You may also want to look into gwtsecurity to send better exceptions > > to your client:http://code.google.com/p/gwtsecurity/ > > > On Jul 7, 1:02 pm, Renato Beserra <renatobese...@gmail.com> wrote: > > > Thanks for your answer. > > > > I considered something like that, but every restricted rpc method > > > implementation has to call another method, with its own interface secured > > by > > > annotations, right? > > > > 2011/7/7 Juan Pablo Gardella <gardellajuanpa...@gmail.com> > > > > > Hi Renato, > > > > > I have a service layer, so in this method I use JSR250 > > > > <http://en.wikipedia.org/wiki/JSR_250>annotations, Spring security can > > > > work with this API. In client side I don't protect the invocations. In > > > > server side, spring security throws an exception, if try to access to a > > > > protected method, and travel to the client. I wrap it in a class and > > show an > > > > alert to the user. > > > > > Juan > > > > > 2011/7/7 Renato Beserra <renatobese...@gmail.com> > > > > >> Hi, > > > > >> I am integrating a GWT application with Spring Security and I got a > > great > > > >> example on a previous thread - > > >http://groups.google.com/group/google-web-toolkit/browse_thread/threa.... > > > > >> But now I want to secure my rpc calls, but i have a problem: Spring > > > >> Security provides some annotations that i should use on the method > > > >> declaration. But in GWT RPC the interface should be defined on client > > side, > > > >> so the annotation is not valid. > > > > >> Is there a simpler solution other than making my rpc implementation to > > > >> call a secured method on the server-side? > > > > >> Thanks in advance. > > > > >> -- > > > >> Renato Beserra Sousa > > > > >> -- > > > >> You received this message because you are subscribed to the Google > > Groups > > > >> "Google Web Toolkit" group. > > > >> To post to this group, send email to > > google-web-toolkit@googlegroups.com. > > > >> To unsubscribe from this group, send email to > > > >> google-web-toolkit+unsubscr...@googlegroups.com. > > > >> For more options, visit this group at > > > >>http://groups.google.com/group/google-web-toolkit?hl=en. > > > > > -- > > > > You received this message because you are subscribed to the Google > > Groups > > > > "Google Web Toolkit" group. > > > > To post to this group, send email to > > google-web-toolkit@googlegroups.com. > > > > To unsubscribe from this group, send email to > > > > google-web-toolkit+unsubscr...@googlegroups.com. > > > > For more options, visit this group at > > > >http://groups.google.com/group/google-web-toolkit?hl=en. > > > > -- > > > Renato Beserra Sousa > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google Web Toolkit" group. > > To post to this group, send email to google-web-toolkit@googlegroups.com. > > To unsubscribe from this group, send email to > > google-web-toolkit+unsubscr...@googlegroups.com. > > For more options, visit this group at > >http://groups.google.com/group/google-web-toolkit?hl=en. > > -- > Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.