[errai-dev] interceptors

Thomas Frühbeck fruehbeck at aon.at
Thu May 2 17:27:52 EDT 2013


On 02.05.2013 13:17, Eric Wittmann wrote:
> First, I just want to point out that, while I agree that the real 
> security constraints *must* live server-side, there are also 
> client-side security concerns.  You guys have already mentioned (and 
> agreed on) things like showing information about the current user.  I 
> wanted to add for the record (is there a record?? :)) that it would 
> also be extremely helpful in Errai to be able to bring the 
> roles/permissions across to the client so that UI elements (menu 
> items, buttons, entire pages) can be included/excluded easily based on 
> the user's permissions.  That's not security, but it would be great if 
> it were a standard part of the framework.
I absolutely agree, such functionality would have to be handcrafted, 
wouldn't it? No Principal/Credentials/Role etc. in GWT...

> More importantly, Thomas - is there any chance you have either some 
> documentation or can point at the actual code to show examples of the 
> role/permission management you are using?

Eric, I am really sorry, no. But then it is a young project, still plain 
SeamSecurity in its simplest form, really nothing spectacular. IMHO the 
important point is: correctness, stability, extendability. It's an 
in-house project, authenticating via JAAS/Kerberos on central AD, so I 
would not like my colleagues to mistrust my security impl (leaking 
passwords or similar :-)
> On 05/02/2013 03:55 AM, Thomas Frühbeck wrote:
>>       - authentication by SeamSecurity (brings PicketLink, JAAS, powerful
>> role/permission management) - perhaps later exchange with DeltaSpike? No
>> problem!
>


