Monday, November 29, 2010

Re: ACL in GWT

Hi,

Here is my take on how to do ACL (Access Control Lists) on a GWT
RPC server (servlet).

http://cvs.adligo.org/viewvc/adi_gwt_rpc_servlet/src/org/adligo/i/adi/server/rpc/AdiControllerServlet.java?view=markup

Spring Security (and all other web 1.0 style HttpFilter security can
only secure at the url level (servlet mapping),
the above servlet allows you to inject security filter code right
after de-serilization).

Cheers,
Scott

On Nov 24, 9:00 am, Baloe <nielsba...@gmail.com> wrote:
> Hi,
>
> Yup of course, I am talking about the serverside, 'RPC' is quite
> serverside ;)
>
> Thanks for the suggestions, I'm looking into these.
>
> Thanks!
> Niels
>
> On 24 nov, 13:53, Didier Durand <durand.did...@gmail.com> wrote:> Hi Baloe,
>
> > You should definitely implement security in the back-end rather than
> > in the front-end: you have to keep in mind that your back-end may be
> > called by something else than your js code generated by GWT. You're
> > then in bad shape if your back-end services accept any request without
> > checking.
>
> > So, make sure that the framworks / mechanisms that you use respect
> > this.
>
> > regards
> > didier
>
> > On Nov 24, 1:33 pm, ep <eplisc...@googlemail.com> wrote:
>
> > > hi, you might want to take a look athttp://code.google.com/p/gwt-security/
> > > orhttp://code.google.com/p/acris/
>
> > > On 24 Nov., 11:56, Baloe <nielsba...@gmail.com> wrote:
>
> > > > Hi all,
>
> > > > I wonder what is the best way to put ACL in our GWT project. Is there
> > > > any mechanism in GWT build-in to grand users to specific RPC calls, or
> > > > something similar? Our should we just insert Spring Security
> > > > somewhere?
>
> > > > Thanks for any hints!
> > > > Niels

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

No comments:

Post a Comment