On 02.05.2013 13:17, Eric Wittmann wrote:
> First, I just want to point out that, while I agree that the real
> security constraints *must* live server-side, there are also
> client-side security concerns. You guys have already mentioned (and
> agreed on) things like showing information about the current user. I
> wanted to add for the record (is there a record?? :)) that it would
> also be extremely helpful in Errai to be able to bring the
> roles/permissions across to the client so that UI elements (menu
> items, buttons, entire pages) can be included/excluded easily based on
> the user's permissions. That's not security, but it would be great if
> it were a standard part of the framework.
I absolutely agree, such functionality would have to be handcrafted,
wouldn't it? No Principal/Credentials/Role etc. in GWT...
> More importantly, Thomas - is there any chance you have either some
> documentation or can point at the actual code to show examples of the
> role/permission management you are using?
Eric, I am really sorry, no. But then it is a young project, still plain
SeamSecurity in its simplest form, really nothing spectacular. IMHO the
important point is: correctness, stability, extendability. It's an
in-house project, authenticating via JAAS/Kerberos on central AD, so I
would not like my colleagues to mistrust my security impl (leaking
passwords or similar :-)
On 05/02/2013 03:55 AM, Thomas Frühbeck wrote:
> - authentication by SeamSecurity (brings PicketLink, JAAS, powerful
> role/permission management) - perhaps later exchange with DeltaSpike? No
> problem!