Agreed, server-side access checks must always be there.

    public String getAuditLogDetail(int id) throws MyException {
        // Server-side check: runs on every RPC call, whatever the client UI shows.
        HttpSession sess = getThreadLocalRequest().getSession();
        validSession(sess);

        if (hasAdminAccess(sess)) {
            try {
                LocalDbWrapper ldb = new LocalDbWrapper(servletContext);
                AuditLogDAO dao = new AuditLogDAO();
                return dao.getLogDetail(ldb, id);
            } catch (LocalDbException e) {
                throw new MyException("Database request failed: "
                        + e.getMessage());
            }
        } else {
            throw new MyException("Access denied! (getAuditLogDetail)");
        }
    }


Some example client code where the app config menu item is only enabled after
login and if the user has admin rights. Screens for any user are always
downloaded; admin screens are downloaded on demand with code
splitting (GWT.runAsync).

    // only display menu when admin access
    if (Access.hasAccess(me, MyConst.ACCESS_ADMIN)) {
        configMenuItem.setVisible(true);
        configMenuItem.setCommand(appConfigCmd);
    }


    Command appConfigCmd = new Command() {
        @Override
        public void execute() {
            if (Access.hasAccess(me, MyConst.ACCESS_ADMIN)) {
                GWT.runAsync(new RunAsyncCallback() {

                    @Override
                    public void onFailure(Throwable reason) {
                        Window.alert("GWT.runAsync failed for App Config panel:"
                                + reason.getMessage());
                    }

                    @Override
                    public void onSuccess() {
                        uberContent.clear();
                        ConfigPanel panel = new ConfigPanel(me);
                        uberContent.add(panel);
                        placePanel(800, 1300);
                    }
                });
            }
        }
    };

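A fail-closed variant of the per-method server check above, added here as an example and not code from the original post: a central dispatcher refuses any method that lacks an access annotation, so a forgotten check denies the call instead of exposing it. RequiresAccess, dispatch, AuditService and the session map are hypothetical stand-ins; a real GWT-RPC servlet would read the granted levels from the HttpSession.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class RpcGuardDemo {
    // Hypothetical marker naming the access level an RPC method requires.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresAccess { String value(); }

    // Stand-in for the service implementation; method names are illustrative.
    static class AuditService {
        @RequiresAccess("ADMIN")
        public String getAuditLogDetail(int id) { return "detail for log " + id; }

        // Annotation forgotten: the dispatcher must refuse this method.
        public String getAppConfig() { return "config"; }
    }

    // Central server-side check, run before any service method is invoked.
    // 'session' is a constructed stand-in for HttpSession attributes set at login.
    static Object dispatch(Object svc, Map<String, Object> session,
                           String name, Object... args) throws Exception {
        @SuppressWarnings("unchecked")
        Set<String> granted = (Set<String>) session.getOrDefault("access", Collections.emptySet());
        for (Method m : svc.getClass().getDeclaredMethods()) {
            if (!m.getName().equals(name)) continue;
            RequiresAccess req = m.getAnnotation(RequiresAccess.class);
            if (req != null && granted.contains(req.value())) return m.invoke(svc, args);
            break; // unannotated or level not granted: fall through to denial
        }
        throw new SecurityException("Access denied (" + name + ")");
    }

    static String attempt(Object svc, Map<String, Object> session, String name, Object... args) {
        try { return String.valueOf(dispatch(svc, session, name, args)); }
        catch (Exception e) { return e.getMessage(); }
    }

    public static void main(String[] a) {
        AuditService svc = new AuditService();
        Map<String, Object> admin = new HashMap<>(), user = new HashMap<>();
        admin.put("access", new HashSet<>(Arrays.asList("USER", "ADMIN")));
        user.put("access", Collections.singleton("USER"));
        System.out.println(attempt(svc, admin, "getAuditLogDetail", 7)); // admin session, annotated method
        System.out.println(attempt(svc, user, "getAuditLogDetail", 7));  // non-admin session, same method
        System.out.println(attempt(svc, admin, "getAppConfig"));         // admin session, unannotated method
    }
}
```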