Hi,
On May 2, 2013, at 8:23 AM, Thomas Frühbeck <fruehbeck(a)aon.at> wrote:
Hi,
if I understand right, @InterceptedCall is a _client_ side interceptor, so I would not
spend too much effort there :-)
From my perspective it's like validation of the model if we can
already do something on the client side we should do it there, but because this can be
bypassed we cannot rely on it and have to do this on the server as well. And like you
mention we can use CDI interceptors for this.
- "logged in" is a conception, which is most critical
server side, the client may not know about current state - checking client side won't
really help
Why is it not allowed for the client to know about the current state? Can't I have
something like hello #username on my page?
- Errai-Bus is to be regarded as "outside" of container
security context, because:
- communication shall _normally_ not be prohibited by security - see Bus setup,
Login-message
- once a message is received, it will be executed
Could you elaborate on this? What do you suggest that we do?
Cheers,
Erik Jan