There is a pure GWT solution here:GWT Spring Security Integration (PURE GWT, NO JSP)
1,Do not use http element at all (http tag from config namespace)
2,Define your AuthenticationRpcService
3,Add AuthenticationRpcService.authenticate(user,password) method
4,Inject into AuthenticationServiceImpl AuthenticationProvider bean from security-context.xml
5,Implement AuthenticationRpcService.authenticate(user,password) as :
User user = new User(login, password, true, true, true, true, new ArrayList<GrantedAuthority>()); Authentication auth = new UsernamePasswordAuthenticationToken(user, password, new ArrayList<GrantedAuthority>()); try { auth = this.authenticationProvider.authenticate(auth); } catch (BadCredentialsException e) { throw new ClientSideBadCredentialsException(e.getMessage(), e); } SecurityContext sc = new SecurityContextImpl(); sc.setAuthentication(auth); SecurityContextHolder.setContext(sc);
6,Ensure that spring security filter chain is executed during processing of each your GWT RPC call (to be sure that SecurityContext populated into SecurityContextHolder).
7,Secure all business services with @RolesAllowed({ "ADMIN_ROLE", "USER_ROLE" }) annotations
8,Prepare your own ClientSideAcessDeniedException that can be used on client side
9,In a case of spring AcessDeniedException propogate ClientSideAcessDeniedException to client side
10,On client side set up UncaughtExceptionHandler via GWT.setUncaughtExceptionHandler
11,In UncaughtExceptionHandler detect CustomAcessDeniedException and then show error to user.
The big problem of this solution is that every service must be annotated,so any elegant solution to solve this problem?
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment