问题
I am planing to use JAAS for authorization purpose.
I am using GWT on GUI side and Java on server side.
Please suggest some code to handle authorization using JAAS. Does it has support for GWT?. Is there any way to control disable and enable button using JAAS?
Does any library available to handle authorization for GWT appliation?.
回答1:
AFAIK there is no library in GWT that handles authorization.
That's also not really straightforward as authorization is mainly handled on the backend and there is wide range of different implementations and patterns (RBAC, etc). It's really hard to come up with a generic approach that covers all the use cases. You probably have to roll your own design/systen.
For example we attach PermissionObjects (simple Beans) to DTOs that are sent to the wire to the client (GWT).
On the client side we check the permissions and disable or enable or display widgets(Buttons, Links, etc).
You can of course come up with a more fancy generic solution by extending widgets and incorporating authorization.
Just one thing to remember: Never trust the client.
So even when you disable or hide a button that calls a service/function on the backend, make sure to check the permissions again on the backend.
回答2:
The Spring Security 3.1 provides functionality for user authentication and authorization.
回答3:
If you're searchig to go further by controlling what is visible/enabled to the user (authorizations), and how it is displayed. I just created a solution for that. I hope you'll enjoy:
Use the project UiBinderAutho to catch widget creation and adapt them to your needs (connected profile ui, rights, widget handlers). Some explanations here http://ziedhamdi.github.io/UiBinderAutho/
here are the github projects https://github.com/ziedHamdi
来源:https://stackoverflow.com/questions/14973628/handle-authorization-in-gwt-application