I have kind of an aversion for everything Spring, and haven't had the need
for anything more complex than checking user roles at the method level.
We are using Spring pretty heavily and it does seem to add a huge layer of
complexity and I'm not quite sure to what benefit (apart from DI).
I am wondering if there is anything standards based a servlet container can
provide when I only have a static set of permissions and customers can
define their own roles by combining these permissions. I pretty much always
need something like @PermissionRequired instead of @RolesAllowed in my
We couldn't find anything standard and went with spring security after
looking at Shiro. In Shiro and the standard stuff it seems,at best, tough
to do basic stuff like administrators and owners can see a user's email
address.
Our domain has a dozen roles and and groups (with different
On Saturday, July 27, 2013 3:43:18 PM UTC+2, Jens wrote:
I am wondering if there is anything standards based a servlet container
can provide when I only have a static set of permissions and customers can
define their own roles by combining these permissions. I pretty much always
need
Thanks Thomas that's good information. I too have found that best
practices for securing GWT applications difficult to come by. There are
just bits and pieces on the web...and if you get the Spring Security book,
for example as I did, they don't even mention GWT. What's needed are some
Thanks Juan for your response and the reference.
On Thursday, July 25, 2013 7:09:37 PM UTC-4, Juan Pablo Gardella wrote:
Hello,
I think currently there are not frameworks that do what you want. At UI
you need to write code to enable/disable components. Check this old thread:
Thanks Thomas, that's a lot of useful information - although I have to
admit I have to work my way through it, since i am not very familiar with
the AOP/ServiceLayerDecorator concept through Guice.
I am using the straightforward Service/AsyncService on client side and
ServiceImpl on server
On Friday, July 26, 2013 7:38:39 PM UTC+2, dhoffer wrote:
Thanks Thomas that's good information. I too have found that best
practices for securing GWT applications difficult to come by. There are
just bits and pieces on the web...and if you get the Spring Security book,
for example as
That's good information. I had no idea Guice supported AOP, I've been
using Guice for IoC and Spring Security for security functionality. (I too
have an aversion to Spring for IoC but I don't have a preference yet for
security).
However I'd have to see an example to really understand the
On Friday, July 26, 2013 8:30:29 PM UTC+2, Thomas Broyer wrote:
On Friday, July 26, 2013 7:38:39 PM UTC+2, dhoffer wrote:
Thanks Thomas that's good information. I too have found that best
practices for securing GWT applications difficult to come by. There are
just bits and pieces on
Hi ,
I am navigating my way through GWT - and hit a major conceptual roadblock
with security issues.
If i want to implement security ( authentication and authorization) in my
GWT webapp( doesn't include app-engine) what is conceptually the best
*Framework
*( for example shiro , acegi etc)
Hello,
I think currently there are not frameworks that do what you want. At UI you
need to write code to enable/disable components. Check this old thread:
https://groups.google.com/forum/#!msg/google-web-toolkit/asDc2-JFy-A/z9izD9p_RoIJ
2013/7/25 asif.t...@gmail.com
Hi ,
I am navigating my
On Friday, July 26, 2013 12:39:53 AM UTC+2, asif...@gmail.com wrote:
Hi ,
I am navigating my way through GWT - and hit a major conceptual roadblock
with security issues.
If i want to implement security ( authentication and authorization) in my
GWT webapp( doesn't include app-engine)
13 matches
Mail list logo