Jordi,
Yes the link you provided was excellent, with that I have spring
managed beans that are RPC services.
However I'm having trouble understanding how to add Spring Security to
that. Ideally I'd love to see that example expanded to show how to
add users, assign users role(s) & secure RPC methods.
For instance with your RemoteServiceImpl class I have been adding the
methods you had in your BaseRemoteRPCService class you put in
pastebin...but methods like onAfterRequestDeserialized(RPCRequest)
never get called. However if I add @Secured({"ROLE_USER"}) to your
TestServiceImpl service method it does fail because of authentication
(as expected)...but I don't know where that failure is coming from and
how to manage it.
I think I'm close but not quite understanding how to get the security
part to work properly.
-Dave
On Jun 22, 4:09 am, Jordi Planadecursach <planad...@gmail.com> wrote:
> Hello,
>
> Indeed you don't need the 2 autowired services. I use them since I
> have my own decisionManager. You can use a standard one, for example
> the role based. This means no autowireds neither
> "onAfterRequestDeserialized". If you don't play with sessions you
> don't need the workaround fix inide "handleRequest". Nevertheless
> "handleRequest" is compulsory because is the one that bridges the HTTP
> GET/POST to the RPC handler.
>
> I recommend you the following
> article:http://blog.maxmatveev.com/2010/04/spring-managed-gwt-remote-service....
>
> Hope it has been helpful.
>
> Jordi.
>
> On 18 Juny, 02:27, dhoffer <dhoff...@gmail.com> wrote:
>
>
>
>
>
>
>
> > Could you also post your autowired beans setSecuredDecisionManager &
> > setSecurityMetadataSource?
>
> > Also since I just have plain GWT app (no JSP) can I assume that I
> > don't need the handleRequest() method? I assume the security work is
> > done in onAfterRequestDeserialized()?
>
> > Thanks,
> > -Dave
>
> > On Jun 15, 1:18 pm, "Jordi P.S." <planad...@gmail.com> wrote:
>
> > > I have a login JSP that uses the remember me feature.so I have my login
> > > under Spring Security.
>
> > > I have method security enabled in the RPC layer. All my RPCs extend a base
> > > class and then I used annotations on the methods to check for the
> > > permissions.
>
> > > Here the RPC Base Servlet class: http://pastebin.com/Z6mj4pZi
>
> > > On Wednesday, June 13, 2012 2:47:47 AM UTC+2, dhoffer wrote:
>
> > > > I'd like to get feedback on the best way to secure GWT apps with
> > > > Spring Security. I read several existing blogs about this online but
> > > > they are all (that I have found) quite old at this point.
> > > > Specifically what's the best way with GWT 2.4 and Spring Security
> > > > 3.1? Or is there a better way other than Spring Security?
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
