hi there, i'm developing an application that came into a common use
case when HTML is generated from server side, which is whether to
include or not an element in the output based on security constraints
applicable for the current user only.
some security frameworks, like the one we're using (apache shiro),
provides special jsp / gsp tags to achieve this, like
<g:hasPermission("somekey">.... then render component.
can you point me some patterns or information to achieve the same
thing with GWT?
my first approach was to use the constructor of a composite with a
security constraint container, so i can do the typical question:
if (securityContainer.hasPermission()) {
add or show o enable the button.....
} else {
//no button to push
}
being the security constraint container a simple JSObject obtained
from the server with an rpc service.
and only when it is available, the widgets are creted.
but this is not only a bad solution, in terms of coding standards but
also brings a question: wouldn't the security constraint container be
available to a DOM inspector for analysis? some kind of a BIG HOLE in
security?
i know i can create a secure version of every widget i need to
protect, but, the security constraints problem is the same.
any ideas would be appreciated.
thanks in advance.
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
