On Wed, Sep 1, 2010 at 6:42 AM, Magnus <alpineblas...@googlemail.com> wrote:
> Hi Thomas, > > I have thought about this the whole day now and it really sounds > interesting to me to give it a try with external login, but - if I > understood you right - I see a big disatvantage: > > Many applications are not or should not be usable at all when the user > is not logged in. But there are also applications that should be > usable (in a limited way) without login. > > Consider eBay: You can search and browse as nobody, but if you want to > sell, you have to sign in. Or consider a chess application: You can > watch everything, but if you want to create a new game, you have to > sign in first. Consider a forum: You can read a lot, but not > everything, but after you login, you can read everything and also > write. > > So my problem is that with your method I had to lock out all guest > users that just want to come and see what is going on there! > > For now, I am not sure if I understood you right. In addition I am > thinking about a "dummy user" to let guests come into my application, > but I am not sure if this is a solution. > > What do you think about this? > You're on the right track. Consider separating authentication (who are you) from authorization (what can you do). You have a /guest/ role along side a /user/ role. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.