Erik Jan de Wit
edewit at redhat.com
Thu May 2 02:39:37 EDT 2013
On May 2, 2013, at 8:23 AM, Thomas Frühbeck <fruehbeck at aon.at> wrote:
> if I understand right, @InterceptedCall is a _client_ side interceptor, so I would not spend too much effort there :-)
>From my perspective it's like validation of the model if we can already do something on the client side we should do it there, but because this can be bypassed we cannot rely on it and have to do this on the server as well. And like you mention we can use CDI interceptors for this.
> - "logged in" is a conception, which is most critical server side, the client may not know about current state - checking client side won't really help
Why is it not allowed for the client to know about the current state? Can't I have something like hello #username on my page?
> - Errai-Bus is to be regarded as "outside" of container security context, because:
> - communication shall _normally_ not be prohibited by security - see Bus setup, Login-message
> - once a message is received, it will be executed
Could you elaborate on this? What do you suggest that we do?
More information about the errai-dev