[errai-dev] security
Erik Jan de Wit
edewit at redhat.com
Thu May 23 06:02:22 EDT 2013
Hi,
Good news I think I'm done with the security module, finally. But there is one last thing that is bothering me. Maybe someone has a solution I didn't think of.
Like I've explained before I have a 2 SecurityInterceptors one on the client and one on the server. With the client security interceptor I check the servers state and 'redirect' the user to the login page if he is not logged in. Because the client can be manipulated there is also a server side interceptor that will throw a exception if the user is not logged in.
This is all very nice and all a user will have to do is annotate the methods. I use the same annotation for both the client and the server side interceptor, but I have to annotate the remote interface and the service implementation e.g.
@Remote
public interface MessageService {
@RequireAuthentication
String hello();
@RequireRoles("admin")
String ping();
}
@Service
public class MessageServiceImpl implements MessageService {
@Inject
AuthenticationService authenticationService;
@Override
@RequireAuthentication
public String hello() {
What I don't like is that the user will need to keep these to in sync, do you guys have an idea to have only one of these but still have both of the interceptors triggered?
Cheers,
Erik Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/errai-dev/attachments/20130523/c91a8e40/attachment.html
More information about the errai-dev
mailing list