Saturday, October 30, 2010

Role-based Security in GWT: how to implement?

Hello everyone,

I have some questions regarding implementing security in GWT.

It's a typical use case:
Let's say in your app, users can have different roles,
and you want to show only the relevant part of the UI, based on their

and I am talking about more than 3 roles.
e.g. (Customer, BranchManager, Teller, CEO, System Admin)
(after all, GWT is for larger apps, right?)

On the back-end, I am planning to use Spring, and I'm going to use
Spring Security
for authentication and fine-grained authorization (method level, ACL);
it is a very mature framework and annotation based.

However, when it comes to the front-end UI, I don't know what the
recommended practice is to incorporate role-based security in MVP. (I
don't want the security checks to get scattered across all methods on the
client, bloated code, if statements everywhere; security is a
cross-cutting concern, right? Should I put it in the Activity/Presenter?)

I see the GWT 2.1 release addresses security concerns for cross-site
scripting, introducing SafeHtml,
but nothing related to authorization.

I would appreciate your insights and any feedback from the Google team;
perhaps a tutorial addressing this aspect of application security is
really needed!

Is it possible for the GWT team to introduce annotation-based support for
addressing security?
Does it make sense at all, or am I missing something?

What have been your experiences in implementing security in GWT?

Thank You
