This is true until you start passing rpc objects that describe what
they are going to do on the server.
For instance a rpc service like;
getAnimal(String name)
If the vet should be the only person able to get the 'Bob Cat' and
'Cobra' but the nurse can get the 'Dog' and 'Cat'...
For methods
Doing security in a Servlet Filter is the way to go. It could be
Acegi or something homegrown, but as long as you filter on security
before you chain to the servlet, you're good to go.
On Mar 6, 8:25 pm, lineman78 linema...@gmail.com wrote:
Generally there should not be any problems with you
Excuse my illiteracy about gwt, I just started working on GWT last
week. Yesterday I implemented my first rpc application and one thing
makes me worried a little bit. I will compile and all the content will
work on client and it will rpc server code without any authentication
if I am not
I believe that if you use container managed security for your entire
GWT app it will require authentication to access the servlets too. In
fact I just tested it and that is correct(FROM ACCESS LOG:
'127.0.0.1 matt 06/Mar/2009:18:17:36 + POST /SEESuite/
rssParser HTTP/1.1 200 3082' notice
Thanks for the reply, Frankly I never used container managed security
before, but now I am reading about it. Another approach I was thinking
about was checking encrypted passwords in servlet from the db, I
found something like this in the wiki which looks like a simple and
good approach to me:
Yes, this approach can work, but there is one small drawback. If you
aren't planning on making it a ssl application you will have to use
ssl for the rpc/json authentication request. This is so that the
packets cannot be intercepted on unsecure wireless. I believe
container managed security has
I am planning to make it a ssl application, so that nobody can
eavesdrop, malform login data, As far as I know, I don't need to
modify anything(code) in gwt project to accomplish that, right? I
believe that web server should be handling all those details. Is there
any drawbacks about using ssl?
Generally there should not be any problems with you using SSL in your
application. That being said, there are a few ways you could have got
yourself into trouble when trying to switch over.
1) You did not use GWT.getModuleBaseUrl when creating your RPC classes
or making local references.
2) If