Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am writing a GWT application and and I need to only load certain widgets based on User Roles. For eg. there maybe admin widgets, user widgets etc.
Any thoughts how I can implement this?
One option is that I can check the role in the code and hide them. But since this code gets Executed at the client side I think this is a security risk.
You should manage the roles on server side:
Pass the role somehow to your Root widget.
RPCcall to server duringonModuleLoadto ask the RoleOr simply pass it from JSP to JS and use native
getfrom the Widget.Build required panel
Yes, you still have some risk, since all your js code in on the client, and it can modify the flow using JS debug. To prevent this you need to filter all calls to server side from
Adminwidgets and make them failing without successful result for example. So, admin widget can do nothing, because all calls to Server will fail.If it still not safe enough for you – then you can use separate GWT
Entry Points. In this case you will forward clients to separate pages with separate JS code.