Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have GWT application and I want to secure it using spring security. I have my custom popup window where the login formular based on UI Binder is placed. I want to send credentials to server using RPC methods and then authenticate user against DB. Is that possible?
Yes, it’s possible, but you must consider, that GWT application is compiled into javascript and sent as an entire package to the client. So access to ‘static’ places, which does not retrieve data from server cannot be restricted using SI, since all the information is available on the client side from the very beginning. However, all request factory services (or other protocol you use) can be secured using Spring Security. If you use request factory you have to do couple of things:
j_spring_security_checkendpoint allowing user to authenticate and add appropriate SI annotations on the services level (if it requires authentication / authorization settings)createRequestCallback(RequestTransport.TransportReceiver receiver)method in order to be able to handle 403/401 server responses.j_spring_security_check. You can use GWT RequestBuilder easily to do it.That’s it!
Edit:
Of course spring must be aware of services you are securing (must exist within its container).