What about the security implications of storing the info on the client?
I think, if you are dealing with Role-Based Security/Access Control
List (ACL)/Authorization,
every time the user goes to a new place, you need a server call to check
on the server whether the user is authorized to view a given
The same security implications that exist on the server also exist on the
client so sound judgment should always be exercised such as using client
side encryption for high security concerns and only passing sensitive data
that is encrypted over the wire, etc.
A hacker committed to getting access
Here's the use case we are dealing with,
SSO token shall be received by GWT application.
SSO token shall have user profile and role information.
Once I have read SSO token, I would like to use User Profile
information to be available in header page and Role information in
navigation page to
In your case the state you want to preserve seems to be associated with a
particular user, not the application, so you can use either cookies or
servlet session state to persist the information when the user logs in and
you can then query the information when displaying tabs or reacting to other
Yes, it's application state for a User. Why do I need to query server
information every time for a user? I think I should be able to create a
client side object such as UserProfile, populate it from the server side
once the user logs in and then pass the client side UserProfile object where
it's required such as
You shouldn't have to query for the information more than once but you do
need to store it some place and like I said, you have several options. If
you want to store it on the client and have the information persist even
after the user closes the browser (across sessions) then you can use
cookies.
Mittal, by query, I believe Jeff means retrieve the user information from
wherever you stored it after the initial server retrieval: the cookie or the
Session/Servlet state.
On Mon, Dec 6, 2010 at 7:52 AM, Mittal mitt...@gmail.com wrote:
Yes, it's application state for a User. Why do I need to
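An added example, not code from anyone in this thread: a plain-Java model of the design discussed above, where the client keeps a UserProfile copy for the header and navigation while the server decides access from its own session state. The class, method and map names are assumptions, and the HashMap stands in for servlet session state so the example runs without GWT or a servlet container.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class RoleCheckDemo {
    // Server side: roles read once from the SSO token at login, keyed by session id.
    // Stands in for servlet session state (hypothetical name).
    static final Map<String, Set<String>> SERVER_SESSIONS = new HashMap<>();

    // Client side: the copy handed to the browser after login. It only drives
    // what the header and navigation display, and the user can modify it.
    static final class UserProfile {
        final String sessionId;
        final String displayName;
        Set<String> roles;

        UserProfile(String sessionId, String displayName, Set<String> roles) {
            this.sessionId = sessionId;
            this.displayName = displayName;
            this.roles = roles;
        }
    }

    // Login: store the roles on the server and return a copy for the client cache.
    static UserProfile login(String sessionId, String name, Set<String> rolesFromSsoToken) {
        SERVER_SESSIONS.put(sessionId, Set.copyOf(rolesFromSsoToken));
        return new UserProfile(sessionId, name, Set.copyOf(rolesFromSsoToken));
    }

    // UI decision: answered from the cached client copy, no server call.
    static boolean showAdminTab(UserProfile cached) {
        return cached.roles.contains("admin");
    }

    // Server decision: only the session id comes from the request; the role
    // list is looked up in server-side state, never taken from the client object.
    static boolean serverAllows(String sessionId, String requiredRole) {
        Set<String> roles = SERVER_SESSIONS.get(sessionId);
        return roles != null && roles.contains(requiredRole);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        UserProfile p = login("sess-1", "Constructed User", Set.of("viewer"));
        System.out.println("admin tab shown: " + showAdminTab(p));
        p.roles = Set.of("viewer", "admin"); // client copy altered in the browser
        System.out.println("admin tab shown after edit: " + showAdminTab(p));
        System.out.println("server allows admin: " + serverAllows(p.sessionId, "admin"));
        System.out.println("unknown session allowed: " + serverAllows("no-such-session", "viewer"));
    }
}
```

The cached profile saves a round trip when drawing tabs, while every request that returns protected data still goes through the server-side lookup.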
Jeff,
I agree on creating a shared object and storing it in a HashMap on the client
side. But how do I share this HashMap on the client side among different
screens such as Header, Navigation, etc. (other than passing the HashMap
to these screens via some setter methods)?
Mittal
On Dec 6, 11:23 am, Jeff
This is what I write in all my GWT applications when I need a client-side
cache:
import java.util.HashMap;
public class MyCache {
HashMap<String, Object> hashMap = new HashMap<String, Object>();
// singleton
private static MyCache instance = null;
private MyCache(){}
/**