Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > User roles in GWT applications

Reply
Thread Tools

User roles in GWT applications

 
 
carmelo
Guest
Posts: n/a
 
      03-07-2011
Hi everybody,
I'm wondering if you could suggest me any way to implement "user
roles" in GWT applications. I would like to implement a GWT
application where users log in and are assigned "roles". Based on
their role, they would be able to see and use different application
areas.

Thank you very much in advance for your help!
 
Reply With Quote
 
 
 
 
Lew
Guest
Posts: n/a
 
      03-07-2011
carmelo wrote:
> Hi everybody,
> I'm wondering if you could suggest me any way to implement "user
> roles" in GWT applications. I would like to implement a GWT
> application where users log in and are assigned "roles". Based on
> their role, they would be able to see and use different application
> areas.


http://lmgtfy.com/?q=Implementing+us...+Java+with+GWT

--
Lew
Honi soit qui mal y pense.
 
Reply With Quote
 
 
 
 
Arne Vajh°j
Guest
Posts: n/a
 
      03-08-2011
On 07-03-2011 16:25, carmelo wrote:
> I'm wondering if you could suggest me any way to implement "user
> roles" in GWT applications. I would like to implement a GWT
> application where users log in and are assigned "roles". Based on
> their role, they would be able to see and use different application
> areas.


The real GWT code execute client side.

Client side checks are for convenience not for security.

So you should secure your server side (GWT RPC calls or
some custom REST or whatever) with user roles.

For convenience you can have the app request roles
from the server and act based on that.

Arne
 
Reply With Quote
 
carmelo
Guest
Posts: n/a
 
      03-08-2011
> The real GWT code execute client side.
>
> Client side checks are for convenience not for security.
>
> So you should secure your server side (GWT RPC calls or
> some custom REST or whatever) with user roles.
>
> For convenience you can have the app request roles
> from the server and act based on that.


Thank you for your answer Arne.
Therefore a good way could be to retrieve user roles from server with
an RPC call. How would you implement "user roles"? A sort of
"permissions" list for the logged user, retrieved from server,
generated from the groups the user belongs to.

What do you think about?

Is there any framework which could help me on this?
 
Reply With Quote
 
carmelo
Guest
Posts: n/a
 
      03-08-2011
I'm also considering java security frameworks like Apache Shiro and
Spring Security... What do you think about them?
 
Reply With Quote
 
markspace
Guest
Posts: n/a
 
      03-08-2011
On 3/8/2011 7:17 AM, carmelo wrote:
> I'm also considering java security frameworks like Apache Shiro and
> Spring Security... What do you think about them?


I would start with the basics:

<http://download.oracle.com/javaee/5/tutorial/doc/bncav.html>

I don't have any opinions on specific frameworks or implementations.
 
Reply With Quote
 
Arne Vajh°j
Guest
Posts: n/a
 
      03-08-2011
On 08-03-2011 09:23, carmelo wrote:
>> The real GWT code execute client side.
>>
>> Client side checks are for convenience not for security.
>>
>> So you should secure your server side (GWT RPC calls or
>> some custom REST or whatever) with user roles.
>>
>> For convenience you can have the app request roles
>> from the server and act based on that.

>
> Thank you for your answer Arne.
> Therefore a good way could be to retrieve user roles from server with
> an RPC call. How would you implement "user roles"? A sort of
> "permissions" list for the logged user, retrieved from server,
> generated from the groups the user belongs to.
>
> What do you think about?
>
> Is there any framework which could help me on this?


Roles is a part of servlets, so any servlet container
already has them.

Arne

 
Reply With Quote
 
Arne Vajh°j
Guest
Posts: n/a
 
      03-08-2011
On 08-03-2011 10:17, carmelo wrote:
> I'm also considering java security frameworks like Apache Shiro and
> Spring Security... What do you think about them?


What do you need from them that standard servlet users and
roles does not provide?

Arne

 
Reply With Quote
 
carmelo
Guest
Posts: n/a
 
      03-09-2011
My purpose is to develop a role-based UI developed with GWT, where
users have hierarchical roles.

So, related problems are:

- How to implement hierarchical roles. Using security frameworks, or
manually creating db tables and java code?
- How to check user permissions, based on user roles, client-side and
server-side. Checking user roles server-side and communicating a list
of user permissions to client-side through an RCP call on login?
 
Reply With Quote
 
Tom Anderson
Guest
Posts: n/a
 
      03-10-2011
On Tue, 8 Mar 2011, Arne Vajh°j wrote:

> On 08-03-2011 10:17, carmelo wrote:
>> I'm also considering java security frameworks like Apache Shiro and
>> Spring Security... What do you think about them?

>
> What do you need from them that standard servlet users and roles does
> not provide?


I don't know what Carmelo needs, but here are some of the things he could
have:

http://www.acegisecurity.org/faq.htm...ml%20security?
http://www.acegisecurity.org/ (bullet points at the top)

My own personal beef with J2EE security is that, as with some other bits
of J2EE, critical bits of configuration are container-specific. One of the
things Acegi does, according to its claims, is overcome that.

tom

--
It's just really ****ing good and that's all. -- Gabe, on the Macintosh
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
user.roles -- How do you list the role names of the user? Bob Sanders Ruby 6 11-10-2007 01:40 AM
GWT experiences... Wesley Hall Java 1 11-28-2006 11:13 PM
Something similar to GWT? Bryan Java 1 11-24-2006 07:30 AM
Google Web Toolkit (GWT) for Linux Au79 Computer Support 0 05-18-2006 03:41 PM
Application level roles + Item level roles... how to do it? JÚjÚ ASP .Net Security 0 09-26-2005 11:06 PM



Advertisments