Re: gwt authorization in uibinder

Like Ümit said, you can pass the authorizations provided by your Spring Security UserDetailsService to the frontend via an RPC or similar. Then you can decide in your presenters whether to show an element or not. If you want, you can store all your authorizations as an Enum and then you could customize your widgets with a "setRequiredAuthorization()" method, which could be passed in from UiBinder via <someTag requiredAuthorization="{FOO_AUTH}" />. However, ideally you'd keep your views (UiBinder) dumb and leave that authorization checking to a higher level.

Of course, the kicker here is to secure the backend calls. I suggest @Secured or @PreAuthorize annotations to secure your methods, which works out of the box with Spring Security.

Sincerely,

Joseph

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/aAU9dMyGjTgJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.