My apologies for not getting back to you. I've been thinking about the correct answer. You describe the issue of the error being thrown if the user does not have the proper role. In our implementation that was considered sufficient, since it prevented the user from accessing a remote method they should not.
If you want to fail gracefully, you can redirect that method security exception to another page using your web.xml.
<!-- web.xml --> <error-page> <exception-type>org.springframework.security.access.AccessDeniedException</exception-type> <location>yourMethodAccessDenied.jsp</location> </error-page>
There are other ways in Spring to cleanly map these exceptions as detailed here. This would work well if you're using JSON or REST.
However, if you're using GWT-RPC, then I'm not sure how to make a clean response using the same RPC serializer that the client side GWT is expecting to hear back from. You would probably need to access more of the GWT-RPC internals to achieve that.
Sincerely,
Joseph
-- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/fNw4Oc9Xs_8J.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
No comments:
Post a Comment