Friday, July 26, 2013

Re: GWT and Web Security

Thanks Thomas that's good information.  I too have found that best practices for securing GWT applications difficult to come by.  There are just bits and pieces on the web...and if you get the Spring Security book, for example as I did, they don't even mention GWT.  What's needed are some comprehensive examples showing some best practices around security in the context of GWT.

As you would be great if you could make your ServiceLayerDecorator public too that would really help.  You recommend AOP and possibly Guice, what do you use to implement the actual security, Spring/Acegi?  What about OpenID support/etc?  I know Spring Security can use an AOP approach...I didn't know that Guice could do that.  If you could elaborate on this it would be super helpful.

(Btw, I'm using Guice for IoC but didn't know it could help with security.)

On Thursday, July 25, 2013 4:39:53 PM UTC-6, wrote:
Hi ,

I am navigating my way through GWT  - and hit a major conceptual roadblock with security issues.

If i want to implement security ( authentication and authorization) in my GWT webapp( doesn't include app-engine) what is conceptually the best Framework ( for example shiro , acegi etc) to use.

I tried shiro but the shiro concept of using a separate loginUrl and successUrl doesnot go down well with my understanding of GWT single page application.

Also I want to use widget level authorization - depending on the authorization of logged in user , widgets are made visible or invisible etc - so looking for a very fine grained authorization framework.

Which is the best way for me to look? Any samples/tutorials will be highly appreciated.


You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To post to this group, send email to
Visit this group at
For more options, visit

No comments:

Post a Comment