Saturday, October 30, 2010

Role-based Security in GWT: how to implement?

Hello everyone,

I have some questions regarding implementing security in GWT.

It's a typical use case:
let's say in your app, users can have different roles,
and you want to show only the relevant part of the UI, based on their
role.

And I am talking about more than 3 roles,
e.g. (Customer, BranchManager, Teller, CEO, System Admin).
(After all, GWT is for larger apps, right?)

On the back-end, I am planning to use Spring, and I'm going to use
Spring Security
for authentication and fine-grained authorization (method level, ACL);
it is a very mature framework and annotation based.

However, when it comes to the front-end UI, I don't know what the
recommended practice is to incorporate role-based security in MVP. (I
don't want the security checks to get scattered across all methods on the
client: bloated code, if statements everywhere. Security is a
cross-cutting concern, right? Should I put it in the Activity/Presenter?)

I see the GWT 2.1 release addresses security concerns for cross-site
scripting, introducing SafeHtml,
but nothing related to authorization.

I would appreciate your insights and any feedback from the Google team;
perhaps a tutorial addressing this aspect of application security is
really needed!

Is it possible for the GWT team to introduce annotation-based support for
addressing security?
Does it make sense at all, or am I missing something?

What have been your experiences in implementing security in GWT?

Thank You
