Thanks Arthur and Peter for responding.
Peter, I looked at the Acris Security but I noticed that Acris
Security uses its own filter and not the Spring Security Filter. I
would like the Annotations in the GWT widget to correspond to the
Roles(authorities) from Spring Security not Roles that are from Acris
Filters. Please correct me if I misunderstood Acris Security
If i annotate
@Secured(Grants.ROLE_ADMIN)
protected VerticalPanel mainPanel;
then the ROLE_ADMIN should correspond to the authorities I retrieved
back from Spring Security authentication provider as configured in
applicationContext-security.xml.
<authentication-manager>
<authentication-provider user-service-ref='UserDetailsService'/>
</authentication-manager>
<beans:bean id="UserDetailsService"
class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
<beans:property name="dataSource" ref="dataSource"/>
<beans:property name="usersByUsernameQuery">
<beans:value>SELECT LOGIN_NAME AS username,PASSWORD AS
password,ACTIVE AS active FROM USERS WHERE LOGIN_NAME = ?</
beans:value>
</beans:property>
<beans:property name="authoritiesByUsernameQuery">
<beans:value>SELECT a.LOGIN_NAME AS username,b.NAME AS role_name
FROM USERS a, ROLE b, SEC_USER_ROLE c WHERE a.ID = c.UID and b.id =
c.ROLE_ID and a.LOGIN_NAME = ?</beans:value>
</beans:property>
</beans:bean>
Acris uses SessionRemoteServiceFilter and Spring Security uses
org.springframework.web.filter.DelegatingFilterProxy
In http://code.google.com/p/acris/wiki/SecurityQuickStart, it mentions
that we should use SessionRemoteServiceFilter
<filter>
<filter-name>SessionFilter</filter-name>
<filter-
class>sk.seges.acris.security.server.SessionRemoteServiceFilter</
filter-class>
</filter>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-
class>sk.seges.acris.security.server.SessionHandlerListener</listener-
class>
</listener>
where Spring Security requires
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</
filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-
class>org.springframework.web.context.ContextLoaderListener</listener-
class>
</listener>
On Jul 27, 8:37 am, Peter Simun <si...@seges.sk> wrote:
> Acris has also the client "conditional"security. Have a look
> on:http://code.google.com/p/acris/wiki/SecurityClient
>
> Just annotate you panel with
> @Secured(Grants.ROLE_ADMIN)
> protected VerticalPanel mainPanel;
>
> and it will displays only to users which has correctsecurity
> permission.
>
> You can study more in the
> showcase:http://acris.googlecode.com/svn/trunk/acris-security-showcase
>
> Peter
>
> On 21. Júl, 00:46 h., seanrocket <seanrocketjohnc...@gmail.com> wrote:
>
> > I am running GWT2.0.4 andSpringSecurity3.03.
>
> > I am able to authenticate withSpringSecuritybut have not found a
> > good way to conditionally render Widgets and Panels based on ROLES
> > fromSpringSecurity.
>
> > For example: In the StockWatcher program, if a user has a ROLE_ADMIN
> > then I want to allow that person to add a addPanel. But If the user
> > has a role such as ROLE_GUEST who is not a ROLE_ADMIN, that user
> > should not see the panel
>
> > I would like to do something like:
> > public void onModuleLoad() {
> > .....
> > // Assemble Main panel.
> > mainPanel.add(stocksFlexTable);
> > if(SpringSecurityRole == "ROLE_ADMIN"){
> > mainPanel.add(addPanel);
> > }
> > mainPanel.add(lastUpdatedLabel);
> > ......
> > }
> > I knowUIconditionalrendering can be easily accomplished using jsp
> > and theSpringSecuritytags (as shown below). But we don't want to
> > use jsp
>
> > <sec:authorize access="hasRole('ROLE_ADMIN')">
> > <input type="submit" value="Add" />
> > </sec:authorize>
>
> > I have searched gwt forums , google groups and other GWT book forum
> > andSpringbook forums and have not found a good solution.
>
> > I've tried the acrissecurityhttp://code.google.com/p/acris/wiki/Introduction
> > but the roles don't seem to come fromSpringSecuritybut rather its
> > own implementation. It usesSpringSecurityfor server sidesecurity
> > notUIconditionalrendering.UIconditionalrenderingROLES come from
> > its own filter
> > sk.seges.acris.security.server.SessionRemoteServiceFilter and user
> > define Grants interface.
>
> > I've also tried gwt-incubator
> > libhttp://code.google.com/p/gwt-incubator-lib/butthat seems to only
> > cover authentication and noconditionalrendering.
>
> > I've seen some news feed about calling back toSpringSecuritybut
> > didn't know how to accomplish the actual calls.
>
> > DoCheckUserAuth checkAuth = new DoCheckUserAuth(); boolean b =
> > checkAuth.askServerAboutUser();
> > if(b){
> > RootPanel.get("formPoint").set(new PrivateForm);}
> > else
> > {
> > RootPanel.get("messagePoint").set(new Label("Please, pass
> > authorization"));
>
> > Your help is much appreciated
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
