I'm sure other folks' examples will differ, but we did the following:
1. Entitlements set as an Enum like *enum UserEntitlement { VIEW_HOME,
VIEW_ITEM, ADD_ITEM, DELETE_ITEM }*
2. On user login, *UserEntitlement[] *fetch sent from backend to client
3. Restricted UI elements are enabled based on the entitlements found in
(2)
4. When RPC's are done, Spring Method level security used to confirm
that the user has the proper entitlement to run that method
Basically the nice part is just using the annotations to secure remote
methods and the concomitant alteration of the UI based on the user
entitlements.
I did not mention using Spring to restrict access to files since GWT pushes
the entire compiled application to the client first. Because of this, there
really are not pages to protect, just RPC's with method level security, in
case someone spoofs their entitlements on the client side.
Sincerely,
Joseph
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-web-toolkit/-/PZHZgoV_A84J.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
