Thanks, I'll see.
2011/8/15 ryannelsonaz <[email protected]>
> We're using the gwt-dispatch module (link below) to implement a
> command-pattern style RPC communication structure between the client and
> the
> server. Essentially each "command" taken by the client is encapsulated in
> an Action class, which gets assigned to a corresponding ActionHandler.
>
> We have a Login action that gets sent to a LoginHandler where the current
> user is authenticated. We then use annotations on the execute() method of
> the remaining handlers to do authorization. For example, here's a little
> pseudo-code sample for a hypothetical "get list of bank accounts" request:
>
> public class LoginHandler {
> public LoginResult execute( Login action ) {
> Subject currentUser = SecurityUtils.getSubject();
> currentUser.login( new UsernamePasswordToken( action.getUsername(),
> action.getPassword() ) );
>
> return new LoginResult( ... );
> }
> }
>
> public class GetBankAccountsHandler {
>
> @RequiresPermissions("bankaccounts:read")
> public GetBackAccountsResult execute( GetBackAccounts action ) {
> ...
> }
> }
>
> We have a LogoutHandler as well which simply invokes Shiro's logout()
> method. Hope that helps you with some ideas.
>
> I don't know if I'd recommend having an RPC call on each presenter--you'll
> have to decide based on your architecture whether or not that would be too
> chatty. However, if you really want to enforce authorization in the
> client,
> that's really your only option. (Until someone decides to port Shiro for
> GWT!)
>
> gwt-dispatch home: http://code.google.com/p/gwt-dispatch/
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Guice-Shiro-GWT-tp6654452p6688447.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
