Handle Authorization in GWT application


Problem description




I am planning to use JAAS for authorization purposes.

I am using GWT on GUI side and Java on server side.

Please suggest some code to handle authorization using JAAS. Does it have support for GWT? Is there any way to control disabling and enabling a button using JAAS?

Is there any library available to handle authorization for a GWT application?

Solution

AFAIK there is no library in GWT that handles authorization.

That's also not really straightforward as authorization is mainly handled on the backend and there is a wide range of different implementations and patterns (RBAC, etc). It's really hard to come up with a generic approach that covers all the use cases. You probably have to roll your own design/system.

For example we attach PermissionObjects (simple Beans) to DTOs that are sent over the wire to the client (GWT).
On the client side we check the permissions and disable or enable or display widgets (Buttons, Links, etc).

You can of course come up with a more fancy generic solution by extending widgets and incorporating authorization.

Just one thing to remember: Never trust the client.

So even when you disable or hide a button that calls a service/function on the backend, make sure to check the permissions again on the backend.
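
The pattern described in the answer, sketched as an added example (not code from the answer or from GWT): a permission bean travels on the DTO as a UI hint, and the server re-checks the action against its own data. All class names, the role table and the sample users are assumptions made for illustration.

```java
import java.util.*;

public class PermissionDemo {
    // Simple bean attached to each DTO; a UI hint only (hypothetical name).
    static class Permissions implements java.io.Serializable {
        boolean canEdit, canDelete;
        Permissions(boolean e, boolean d) { canEdit = e; canDelete = d; }
    }
    static class DocumentDto implements java.io.Serializable {
        long id; String title; Permissions permissions;
    }

    // Server side: the authoritative role table (constructed sample data).
    static final Map<String, Set<String>> ROLES = Map.of(
        "alice", Set.of("editor", "admin"),
        "bob", Set.of("viewer"));

    static boolean allowed(String user, String action) {
        Set<String> roles = ROLES.getOrDefault(user, Set.of());
        switch (action) {
            case "edit":   return roles.contains("editor") || roles.contains("admin");
            case "delete": return roles.contains("admin");
            default:       return false; // deny unknown actions
        }
    }

    // Server builds the DTO and fills the hint from the same check.
    static DocumentDto load(String user, long id) {
        DocumentDto dto = new DocumentDto();
        dto.id = id; dto.title = "Q3 report";
        dto.permissions = new Permissions(allowed(user, "edit"), allowed(user, "delete"));
        return dto;
    }

    // Server re-checks from the session user; the DTO's flags are never read here.
    static void delete(String sessionUser, DocumentDto fromClient) {
        if (!allowed(sessionUser, "delete"))
            throw new SecurityException(sessionUser + " may not delete " + fromClient.id);
        System.out.println("deleted " + fromClient.id);
    }

    public static void main(String[] args) {
        DocumentDto dto = load("bob", 7);
        // Client side: in GWT this would be deleteButton.setEnabled(...).
        System.out.println("delete button enabled: " + dto.permissions.canDelete);
        dto.permissions.canDelete = true; // a modified client changes only its own copy
        try { delete("bob", dto); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        delete("alice", load("alice", 7));
    }
}
```

In a real GWT application the user passed to `delete` would come from the server-side session, never from a value the client sends.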
