[errai-dev] interceptors

Thomas Frühbeck fruehbeck at aon.at
Thu May 2 17:27:52 EDT 2013

Am 02.05.2013 13:17, schrieb Eric Wittmann:
> First, I just want to point out that, while I agree that the real 
> security constraints *must* live server-side, there are also 
> client-side security concerns.  You guys have already mentioned (and 
> agreed on) things like showing information about the current user.  I 
> wanted to add for the record (is there a record?? :)) that it would 
> also be extremely helpful in Errai to be able to bring the 
> roles/permissions across to the client so that UI elements (menu 
> items, buttons, entire pages) can be included/excluded easily based on 
> the user's permissions.  That's not security, but it would be great if 
> it were a standard part of the framework.
I absolutely agree, such functionality would have to be handcrafted, 
isn't it? No Principal/Credentials/Role etc in GWT...

> More importantly, Thomas - is there any chance you have either some 
> documentation or can point at the actual code to show examples of the 
> role/permission management you are using?

Eric, I am really sorry, no. But then it is a young project, still plain 
SeamSecurity in it's simplest form, really nothing spectacular. IMHO the 
important point is: correctness, stability, extendability. It's an 
inhouse project, authenticating via JAAS/Kerberos on central AD, so I 
would not like my colleagues to mistrust my security impl (leaking 
passwords or similar :-)
> On 05/02/2013 03:55 AM, Thomas Frühbeck wrote:
>>       - authentication by SeamSecurity (brings PicketLink, JAAS, 
>> powerful
>> role/permission managent) - perhaps later exchange with DeltaSpike? No
>> problem!

More information about the errai-dev mailing list