User roles in GWT applications

Discussion in 'Java' started by carmelo, Mar 7, 2011.

  1. carmelo

    carmelo Guest

    Hi everybody,
    I'm wondering if you could suggest me any way to implement "user
    roles" in GWT applications. I would like to implement a GWT
    application where users log in and are assigned "roles". Based on
    their role, they would be able to see and use different application
    areas.

    Thank you very much in advance for your help!
     
    carmelo, Mar 7, 2011
    #1
    1. Advertising

  2. carmelo

    Lew Guest

    carmelo wrote:
    > Hi everybody,
    > I'm wondering if you could suggest me any way to implement "user
    > roles" in GWT applications. I would like to implement a GWT
    > application where users log in and are assigned "roles". Based on
    > their role, they would be able to see and use different application
    > areas.


    http://lmgtfy.com/?q=Implementing user roles in Java with GWT

    --
    Lew
    Honi soit qui mal y pense.
     
    Lew, Mar 7, 2011
    #2
    1. Advertising

  3. carmelo

    Arne Vajhøj Guest

    On 07-03-2011 16:25, carmelo wrote:
    > I'm wondering if you could suggest me any way to implement "user
    > roles" in GWT applications. I would like to implement a GWT
    > application where users log in and are assigned "roles". Based on
    > their role, they would be able to see and use different application
    > areas.


    The real GWT code execute client side.

    Client side checks are for convenience not for security.

    So you should secure your server side (GWT RPC calls or
    some custom REST or whatever) with user roles.

    For convenience you can have the app request roles
    from the server and act based on that.

    Arne
     
    Arne Vajhøj, Mar 8, 2011
    #3
  4. carmelo

    carmelo Guest

    > The real GWT code execute client side.
    >
    > Client side checks are for convenience not for security.
    >
    > So you should secure your server side (GWT RPC calls or
    > some custom REST or whatever) with user roles.
    >
    > For convenience you can have the app request roles
    > from the server and act based on that.


    Thank you for your answer Arne.
    Therefore a good way could be to retrieve user roles from server with
    an RPC call. How would you implement "user roles"? A sort of
    "permissions" list for the logged user, retrieved from server,
    generated from the groups the user belongs to.

    What do you think about?

    Is there any framework which could help me on this?
     
    carmelo, Mar 8, 2011
    #4
  5. carmelo

    carmelo Guest

    I'm also considering java security frameworks like Apache Shiro and
    Spring Security... What do you think about them?
     
    carmelo, Mar 8, 2011
    #5
  6. carmelo

    markspace Guest

    On 3/8/2011 7:17 AM, carmelo wrote:
    > I'm also considering java security frameworks like Apache Shiro and
    > Spring Security... What do you think about them?


    I would start with the basics:

    <http://download.oracle.com/javaee/5/tutorial/doc/bncav.html>

    I don't have any opinions on specific frameworks or implementations.
     
    markspace, Mar 8, 2011
    #6
  7. carmelo

    Arne Vajhøj Guest

    On 08-03-2011 09:23, carmelo wrote:
    >> The real GWT code execute client side.
    >>
    >> Client side checks are for convenience not for security.
    >>
    >> So you should secure your server side (GWT RPC calls or
    >> some custom REST or whatever) with user roles.
    >>
    >> For convenience you can have the app request roles
    >> from the server and act based on that.

    >
    > Thank you for your answer Arne.
    > Therefore a good way could be to retrieve user roles from server with
    > an RPC call. How would you implement "user roles"? A sort of
    > "permissions" list for the logged user, retrieved from server,
    > generated from the groups the user belongs to.
    >
    > What do you think about?
    >
    > Is there any framework which could help me on this?


    Roles is a part of servlets, so any servlet container
    already has them.

    Arne
     
    Arne Vajhøj, Mar 8, 2011
    #7
  8. carmelo

    Arne Vajhøj Guest

    On 08-03-2011 10:17, carmelo wrote:
    > I'm also considering java security frameworks like Apache Shiro and
    > Spring Security... What do you think about them?


    What do you need from them that standard servlet users and
    roles does not provide?

    Arne
     
    Arne Vajhøj, Mar 8, 2011
    #8
  9. carmelo

    carmelo Guest

    My purpose is to develop a role-based UI developed with GWT, where
    users have hierarchical roles.

    So, related problems are:

    - How to implement hierarchical roles. Using security frameworks, or
    manually creating db tables and java code?
    - How to check user permissions, based on user roles, client-side and
    server-side. Checking user roles server-side and communicating a list
    of user permissions to client-side through an RCP call on login?
     
    carmelo, Mar 9, 2011
    #9
  10. carmelo

    Tom Anderson Guest

    On Tue, 8 Mar 2011, Arne Vajhøj wrote:

    > On 08-03-2011 10:17, carmelo wrote:
    >> I'm also considering java security frameworks like Apache Shiro and
    >> Spring Security... What do you think about them?

    >
    > What do you need from them that standard servlet users and roles does
    > not provide?


    I don't know what Carmelo needs, but here are some of the things he could
    have:

    http://www.acegisecurity.org/faq.html#Why not just use web.xml security?
    http://www.acegisecurity.org/ (bullet points at the top)

    My own personal beef with J2EE security is that, as with some other bits
    of J2EE, critical bits of configuration are container-specific. One of the
    things Acegi does, according to its claims, is overcome that.

    tom

    --
    It's just really fucking good and that's all. -- Gabe, on the Macintosh
     
    Tom Anderson, Mar 10, 2011
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bryan

    Something similar to GWT?

    Bryan, Nov 24, 2006, in forum: Java
    Replies:
    1
    Views:
    898
  2. Wesley Hall

    GWT experiences...

    Wesley Hall, Nov 27, 2006, in forum: Java
    Replies:
    1
    Views:
    383
  3. Tarkin

    Struts + Velocity + GWT

    Tarkin, May 8, 2007, in forum: Java
    Replies:
    7
    Views:
    2,000
    sokol
    Jun 25, 2007
  4. What is GWT?

    , Nov 2, 2007, in forum: Java
    Replies:
    1
    Views:
    316
  5. Jéjé
    Replies:
    0
    Views:
    238
    Jéjé
    Sep 27, 2005
Loading...

Share This Page