We're using the gwt-dispatch module (link below) to implement a
command-pattern style RPC communication structure between the client and the
server. Essentially each "command" taken by the client is encapsulated in
an Action class, which gets assigned to a corresponding ActionHandler.

We have a Login action that gets sent to a LoginHandler where the current
user is authenticated. We then use annotations on the execute() method of
the remaining handlers to do authorization. For example, here's a little
pseudo-code sample for a hypothetical "get list of bank accounts" request:

    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.authz.annotation.RequiresPermissions;
    import org.apache.shiro.subject.Subject;

    public class LoginHandler {
        public LoginResult execute( Login action ) {
            Subject currentUser = SecurityUtils.getSubject();
            // login() throws an AuthenticationException if the credentials are rejected
            currentUser.login( new UsernamePasswordToken( action.getUsername(),
                                                          action.getPassword() ) );
            return new LoginResult( ... );
        }
    }

    public class GetBankAccountsHandler {
        // Only subjects holding this permission may run the handler
        @RequiresPermissions("bankaccounts:read")
        public GetBankAccountsResult execute( GetBankAccounts action ) {
            ...
        }
    }

We have a LogoutHandler as well which simply invokes Shiro's logout()
method. Hope that helps you with some ideas.

I don't know if I'd recommend having an RPC call on each presenter--you'll
have to decide based on your architecture whether or not that would be too
chatty. However, if you really want to enforce authorization in the client,
that's really your only option. (Until someone decides to port Shiro for
GWT!)

gwt-dispatch home: http://code.google.com/p/gwt-dispatch/
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Guice-Shiro-GWT-tp6654452p6688447.html
Sent from the Shiro User mailing list archive at Nabble.com.
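
Shiro enforces @RequiresPermissions only when its annotation interceptors are wired in through AOP, so the annotation on execute() can also be checked explicitly on the server at dispatch time. The following is an added example, not code from the original post or from the Shiro or gwt-dispatch projects; HandlerPermissionGuard, the nested stand-in classes and the demo accounts are assumptions made for illustration.

```java
import java.lang.reflect.Method;
import java.util.Arrays;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

// Added example: HandlerPermissionGuard is a hypothetical class, not part of Shiro or gwt-dispatch.
public final class HandlerPermissionGuard {
    // Call before handler.execute(action); throws AuthorizationException when the subject is denied.
    public static void check(Subject subject, Object handler, Object action) {
        for (Method m : handler.getClass().getMethods()) {
            RequiresPermissions rp = m.getAnnotation(RequiresPermissions.class);
            if (rp == null || m.isBridge() || !m.getName().equals("execute")
                    || m.getParameterCount() < 1 || !m.getParameterTypes()[0].isInstance(action)) continue;
            long held = Arrays.stream(rp.value()).filter(p -> subject.isPermitted(p)).count();
            boolean ok = rp.logical() == Logical.AND ? held == rp.value().length : held > 0;
            if (!ok) throw new AuthorizationException("requires " + Arrays.toString(rp.value()));
        }
    }
    // Constructed stand-ins for the post's action and handler.
    public static class GetBankAccounts {}
    public static class GetBankAccountsHandler {
        @RequiresPermissions("bankaccounts:read")
        public String execute(GetBankAccounts action) { return "accounts"; }
    }
    public static void main(String[] args) {
        Ini ini = new Ini(); // constructed demo accounts
        ini.setSectionProperty("users", "teller", "s3cret, reader");
        ini.setSectionProperty("users", "guest", "guest");
        ini.setSectionProperty("roles", "reader", "bankaccounts:read");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new IniRealm(ini)));
        for (String[] cred : new String[][] {{"teller", "s3cret"}, {"guest", "guest"}}) {
            Subject subject = new Subject.Builder().buildSubject();
            subject.login(new UsernamePasswordToken(cred[0], cred[1]));
            try {
                check(subject, new GetBankAccountsHandler(), new GetBankAccounts());
                System.out.println(cred[0] + " allowed");
            } catch (AuthorizationException e) {
                System.out.println(cred[0] + " denied: " + e.getMessage());
            }
        }
    }
}
```

Handlers with no annotation, such as the LoginHandler, pass through the guard unchanged, so the check has to run on the server for every dispatched action rather than in the GWT client.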