SessionHandlerListener and SessionRemoteServiceFilter are used only
for session handling - with each RPC request the sessionID is
tranfered in the payload and on the server side is request paired with
the session (based on sessionID from payload). (Security information
are stored in session)
If
Thanks Arthur and Peter for responding.
Peter, I looked at the Acris Security but I noticed that Acris
Security uses its own filter and not the Spring Security Filter. I
would like the Annotations in the GWT widget to correspond to the
Roles(authorities) from Spring Security not Roles that are
Acris has also the client conditional security. Have a look on:
http://code.google.com/p/acris/wiki/SecurityClient
Just annotate you panel with
@Secured(Grants.ROLE_ADMIN)
protected VerticalPanel mainPanel;
and it will displays only to users which has correct security
permission.
You can study
I am running GWT2.0.4 and Spring Security 3.03.
I am able to authenticate with Spring Security but have not found a
good way to conditionally render Widgets and Panels based on ROLES
from Spring Security.
For example: In the StockWatcher program, if a user has a ROLE_ADMIN
then I want to allow
Conditional rendering (i.e. hiding certain UI) would have to be done
manual or using something like Acris or Errai Workspace:
http://www.jboss.org/errai/Components/Workspaces.html. At the end of
the day, unless you're adding additional generator conditions to strip
non-admin parts based on