David,
My apologies for not getting back to you. I've been thinking about the
correct answer. You describe the issue of the error being thrown if the
user does not have the proper role. In our implementation that was
considered sufficient, since it prevented the user from accessing a remote
method they should not.
If you want to fail gracefully, you can redirect that method security
exception to another page using your web.xml.
<!-- web.xml --><error-page>
<exception-type>org.springframework.security.access.AccessDeniedException</exception-type>
<location>yourMethodAccessDenied.jsp</location></error-page>
There are other ways in Spring to cleanly map these exceptions as detailed
here<http://stackoverflow.com/questions/8742842/how-to-handle-accessdeniedexception-in-spring-security>.
This would work well if you're using JSON or REST.
However, if you're using GWT-RPC, then I'm not sure how to make a clean
response using the same RPC serializer that the client side GWT is
expecting to hear back from. You would probably need to access more of the
GWT-RPC internals to achieve that.
Sincerely,
Joseph
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-web-toolkit/-/fNw4Oc9Xs_8J.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
