The technique evoqued on the ticket that you reffer could be applied into adding permission based annotations on the methods and verifying on the user if the user contains the permissions required by the annotation.
This would come with the overhead of adding an own *ServiceLayerDecorator *implementation. But in the ServiceLayerDecorator I'd need to obtain the User object from the session (with its rights associated in order to query if they match the security annotation on the service method to be called),but from the source code of the *RequestFactoryServlet *class i see (line 131 on http://code.google.com/p/google-web-toolkit/source/browse/trunk/user/src/com/google/web/bindery/requestfactory/server/RequestFactoryServlet.java?r=10212 ) that only the jsonString contained on the request is passed to be processed: String payload = processor.process(jsonRequestString); and not the whole HttpServletRequest object. Any hints on how I could obtain the currently logged in user in the *ServiceLayerDecorator *implementation? -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/cUYS87u-MC0J. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
