开发者

Adding access control in GWT based applications

开发者 https://www.devze.com 2023-01-18 13:18 出处:网络
I have a GWT based application. I want to add access control to it. Is there a way to add custom access control for GWT components?
相关专题:access-controldesign-patternsgwt

I have a GWT based application. I want to add access control to it. Is there a way to add custom access control for GWT components?

My idea about adding access control/permissions would be as following.

  1. Add access control annotation (if there exists one) to the开发者_JAVA技巧 class (GWT component) for which I need to add access control.
  2. When this component gets rendered, my custom method which checks for access control rules get called and depending on its results the component gets rendered.

Any ideas of how this can be achieved.

In a GWT app I've done access control two ways, both assume that access control is enforced on the server - in every AJAX (GWT RPC) call. The javascript side is inherently unsafe, so any controls there would be pointless.

Depending on how fine grained access control I've needed, I've either used URL-based control by the servlet container protecting the GWT RPC end point. I.e.

/public/gwt.rpc.endpoint
/private/gwt.rpc.endpoint

Protect the private one using either bog standard web.xml, or spring security. However this then led me to handle logins the "normal" form-based way before launching the GWT application.

A more fine grained approach has been to use an exception on every GWT RPC exposed method:

interface MyService extends RemoteService {
  SomeData getPublicData();
  SomeSecret getPrivateData() throws AccessDeniedException; 
  Result login(String username, String password);
}

interface MyServiceAsync {
  void getPublicData(AsyncCallback<SomeData> callback);
  void getPrivateData(AsyncCallback<SomeSecret> callback);
  void login(String username, String password, AsyncCallback<Result> callback);
}

By making AccessDeniedException RPC serializable, I will receive that exception in the AsyncCallback - this makes it possible to throw up a login-dialog inside the GWT app.

However the actual login call and server side session handling I've then done completely manually not relying on any framework for that (though you could do it with Spring Security).

0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

关注公众号

热门标签

图文推荐

Delphi - Custom drawing a message list

Delphi - Custom drawing a message list
C++ header-only include pattern

C++ header-only include pattern
IE7 Margin Collapses Into Padding

IE7 Margin Collapses Into Padding
in CoffeeScript, how can I use a variable as a key in a hash?

in CoffeeScript, how can I use a variable as a key in a hash?
Interactive visualization of a graph in python [closed]

Interactive visualization of a graph in python [closed]
How to customise PHP MYSQL tables?

How to customise PHP MYSQL tables?
High quality, simple random password generator

High quality, simple random password generator
Image Recognition ApI in android

Image Recognition ApI in android

开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9