Like Ümit said, you can pass the authorizations provided by your Spring
Security UserDetailsService to the frontend via an RPC or similar. Then you
can decide in your presenters whether to show an element or not. If you
want, you can store all your authorizations as an Enum and then you could
customize your widgets with a "setRequiredAuthorization()" method, which
could be passed in from UiBinder via <someTag
requiredAuthorization="{FOO_AUTH}" />. However, ideally you'd keep your
views (UiBinder) dumb and leave that authorization checking to a higher
level.
Of course, the kicker here is to secure the backend calls. I suggest
@Secured or @PreAuthorize annotations to secure your methods, which works
out of the box with Spring Security.
Sincerely,
Joseph
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-web-toolkit/-/aAU9dMyGjTgJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
