I'm also considering java security frameworks like Apache Shiro and
Spring Security... What do you think about them?
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
UserMgr is a simple class containing the functionality needed for the
UI to do the roles checks, login logout user etc. The list of roles
assigned to the user is not a part of the UserMgr itself but it's a
property of the User entity -a simple HashSet to be precise. The
UserMgr has a property
Thank you Lukasz.
In my app I'm doing the security checks on the client- as well as on
the server-side. After the user successfully logged into the app, the
UserManager containes among other things a set of roles which are
assigned to the current user enabling the role-checks without any rpc-
The project looks promising, but I wasn't able to get acris-security to work
I include acris-security-core 1.1.1-SNAPSHOT as a maven dependency the
way they explain on their wiki (no exactly the same because
acris-security doesn-t exist, I had to use acris-security-core) but when
I add the
In my app I'm doing the security checks on the client- as well as on
the server-side. After the user successfully logged into the app, the
UserManager containes among other things a set of roles which are
assigned to the current user enabling the role-checks without any rpc-
callbacks. The client
A possible solution could be to make an RPC call to the server during
onModuleLoad. This RPC call would generate the necessary Widgets and/
or place them on a panel and then return this panel to the client end.
What do you think about this?
--
You received this message because you are
using the MVP pattern in my app). When the presenter is
rendering the view, it can check which functionality should be enabled
or disabled.
HTH,
Lukasz
On 1 Mrz., 18:47, csaffi csaff...@gmail.com wrote:
Hi everybody,
I'm wondering if you could suggest me any way to implement user
roles in GWT
csaff...@gmail.com wrote:
Hi everybody,
I'm wondering if you could suggest me any way to implement user
roles in GWT applications. I would like to implement a GWT
application where users log in and are assigned roles. Based on
their role, they would be able to see and use different
could you please explain, why the check on client-side is necessary, if the
server does the check ?
and on the client-side, do you mean having a UserRoles object, which
contains user's permission ?
Thank You
--
You received this message because you are subscribed to the Google Groups
Google
if using GWT Activities, do you think it is better to perform the check in
Activities themselves or in ActivityMappers (or ActivityFactories) ?
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To post to this group, send email to
On 2 Mar, 14:31, Lukasz l.plotni...@googlemail.com wrote:
I'm doing it by providing a self-implemented UserManager object on the
client. It contains the currently signed in user and provides methods
for access or role checks e.g. canEditUser(). This UserManager object
is an singleton injected
On 2 Mar, 16:41, Ben Imp benlee...@gmail.com wrote:
This is basically what I have implemented in my system as well. Our
user roles are in the DB and I keep a copy on the client so all of the
presenters can inspect it to see what the user can do.
I should mention that double-checking the
Depends on the situation, but in general its much easier on users if
things they can't do/edit aren't shown to them. Or, alternatively, if
they are shown, be shown with some visual indicator of restricted
access. A panel full of blank values with no UI feedback is somewhat
unintuitive. A panel
Hi everybody,
I'm wondering if you could suggest me any way to implement user
roles in GWT applications. I would like to implement a GWT
application where users log in and are assigned roles. Based on
their role, they would be able to see and use different application
areas.
Thank you very much
I am also interested in finding a decent solution for this.
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to
to implement user
roles in GWT applications. I would like to implement a GWT
application where users log in and are assigned roles. Based on
their role, they would be able to see and use different application
areas.
Thank you very much in advance for your help!
--
You received this message because
What do you think about this one?
http://code.google.com/p/acris/wiki/Security
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send
I have a question from a slightly different angle:
Is there a common way / design strategy to show/hide or enable/disable
gwt widgets based on a predefined role/access rights.
i.e. if a user with role 'admin' is acessing the application an admin
button is visible, which is not visible in the
On Aug 20, 4:46 pm, Laird Nelson ljnel...@gmail.com wrote:
On Thu, Aug 20, 2009 at 9:39 AM, Zé Vicente josevicentec...@gmail.comwrote:
I would say that all you need to do is to use runAsync() to saparate
Adm features from regular features and then make sure that on server
side you check
I would say that all you need to do is to use runAsync() to saparate
Adm features from regular features and then make sure that on server
side you check for each operation, if the user has the good credential
to execute it.
That is all.
Zé Vicente
On Aug 19, 4:34 pm, Phineas Gage
On Thu, Aug 20, 2009 at 9:39 AM, Zé Vicente josevicentec...@gmail.comwrote:
I would say that all you need to do is to use runAsync() to saparate
Adm features from regular features and then make sure that on server
side you check for each operation, if the user has the good credential
to
I would like to implement a GWT application where users log in and are
assigned roles, as is typical in many web applications. Based on their
role, they would be able to see and use different areas of the
application.
The trouble when using GWT is, because the entire application is
transmitted
just my 2 cents:
1) Even though users cannot execute, for example, administrative RPC
methods, by reverse engineering the JavaScript they may still be able
to read sensitive information regarding the format or nature of the
available administrative requests. Careful developers may be able to
On Aug 19, 4:02 pm, mars1412 martin.trum...@24act.at wrote:
just my 2 cents:
hiding or obfuscating will not stop a detrmined attacker anyway,
so there's no reason to worry about that.
that does of course not mean, that you shouldn't do it, if it's
easy: e.g. of course use the OFB mode when
24 matches
Mail list logo
