i want to check this code but the link is broken On Wednesday, December 21, 2011 10:38:04 AM UTC-4, Thomas Broyer wrote: > > > > On Wednesday, December 21, 2011 3:18:25 PM UTC+1, EMan wrote: >> >> there have been several posts on RequestFactory security, but I am still >> not clear. the sample code here: >> >> http://code.google.com/p/google-web-toolkit/source/browse/trunk/samples/expenses/src/main/java/com/google/gwt/sample/gaerequest/#gaerequest >> >> uses a filter to determine if a user can access the RequestFactory >> service. But what happens once a user authenticates? does he have access >> to all back end request? >> > > Yes. > > >> ie, if I have a findById method and a findAll (for my admin users) method >> in my locator, could a user authenticate, then post to either and receive >> all the data in my table? >> > > Yes. > > >> How do we authenticate individual types of request? >> > > Either do it at the start of each method (use > RequestFactoryServlet.getThreadLocalRequest().getUserPrincipal() to get the > current user). > Or create a ServiceLayerDecorator and override the > invoke(Method,Object...) method to add the check (probably based on some > annotation on the method). > I believe you could also use "standard AOP" (Spring AOP or Guice AOP, > probably also AspectJ or similar) on your services. > > We use the second approach, it works very well. > >
-- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
