Hi guys, and thanks for the answers.
So it seems the answers you have given are two-fold. I hadn't really got to
thinking about securing the server yet as I am just building a prototype
and still learning as I go. However, now seems as good a time as any to
secure the RPC calls. Would something as simple as this do the trick,
inside the function in the ProgServiceImpl:
if(loginInfo.isAdminUser())
{
// perform RPC call as usual and return
}
else
{
throw UserNotAdminException("blah");
}
On to the client code... Craig, are you saying that it is best to have all
of the admin and regular controls in the uibinder template, and then hide
things if the user is not an admin? This seems illogical to me, as most
users are not admins so they are downloading code that they will never see?
Am I missing something? Is this where deferred binding comes in?
Thanks again for you help. I'll get securing those RPC methods!
Drew
>
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-web-toolkit/-/cFI3x5zWRYcJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
