So it seems the answers you have given are two-fold. I hadn't really got to thinking about securing the server yet as I am just building a prototype and still learning as I go. However, now seems as good a time as any to secure the RPC calls. Would something as simple as this do the trick, inside the function in the ProgServiceImpl:
if(loginInfo.isAdminUser())
{
// perform RPC call as usual and return
}
else
{
throw UserNotAdminException("blah");
}
On to the client code... Craig, are you saying that it is best to have all of the admin and regular controls in the uibinder template, and then hide things if the user is not an admin? This seems illogical to me, as most users are not admins so they are downloading code that they will never see? Am I missing something? Is this where deferred binding comes in?
Thanks again for you help. I'll get securing those RPC methods!
Drew
--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/cFI3x5zWRYcJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
No comments:
Post a Comment