Re: How to handle application state?
What about the security implications of storing the info on the client?
I think, if you are dealing with Role-Based Security / Access Control
List (ACL) / Authorization,
"every time" the user goes to a new place, you need a server call to check
"on the server" whether the user is authorized to view a given screen.
I think somewhere in the ActivityMapper, when mapping a place to an
activity, the authorization check (a call to the server) should be
performed.
username.isAuthorizedtoEdit(object)
A check to see whether a user has permission to do a certain operation
on a certain object,
through a server call, before presenting the user with a new screen.
GWT generates JavaScript, and all the code you write in Java ends up
as JavaScript in the client.
Malicious users can use the client-side JavaScript to attack.
You need a "server call" EVERY TIME the user needs to see a new screen /
goes to a new place, to check for permissions.
You can use a cache on the server to store this information, like
Ehcache/MemCache.
You populate this cache once the user logs in, and use it for
subsequent calls, to avoid a database round trip.
I would like to know what the community thinks of this approach,
and what the preferred way is for dealing with Role-Based Security in
the GWT MVP framework.
I understand it is essential for this to be checked on the server, but I would
like to know the best practice
for integrating the server-side security with gwt-mvp.
--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
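
The server-side check with a login-populated cache that the message above describes, as an added example that is not part of the original post or of GWT. The class and method names are hypothetical, a ConcurrentHashMap stands in for Ehcache/Memcached, and the session id is assumed to come from the server's own session handling, never from a value the client can choose.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Server-side authorization with a per-session permission cache (hypothetical example). */
public class PlaceAuthorizer {
    // Stand-in for Ehcache/Memcached: session id -> permissions loaded at login.
    private final Map<String, Set<String>> cache = new ConcurrentHashMap<>();

    /** Called once after a successful login; 'granted' would be read from the database. */
    public void onLogin(String sessionId, Set<String> granted) {
        cache.put(sessionId, Set.copyOf(granted));
    }

    /** Called on logout or session expiry so cached grants cannot outlive the session. */
    public void onLogout(String sessionId) {
        cache.remove(sessionId);
    }

    /** Deny by default: an unknown session or a missing grant means no access. */
    public boolean isAuthorized(String sessionId, String operation, String objectId) {
        if (sessionId == null) return false;
        Set<String> granted = cache.get(sessionId);
        return granted != null && granted.contains(operation + ":" + objectId);
    }

    /** The call that returns data repeats the check; a client-side answer is never trusted. */
    public String loadForEdit(String sessionId, String objectId) {
        if (!isAuthorized(sessionId, "edit", objectId)) {
            throw new SecurityException("not authorized: edit " + objectId);
        }
        return "contents of " + objectId; // constructed sample payload
    }

    public static void main(String[] args) {
        PlaceAuthorizer auth = new PlaceAuthorizer();
        // Constructed sample grants for one session.
        auth.onLogin("sess-1", Set.of("view:report-7", "edit:report-7", "view:report-9"));
        System.out.println(auth.isAuthorized("sess-1", "edit", "report-7"));
        System.out.println(auth.isAuthorized("sess-1", "edit", "report-9"));
        System.out.println(auth.isAuthorized("sess-x", "view", "report-7"));
        auth.onLogout("sess-1");
        try {
            auth.loadForEdit("sess-1", "report-7");
        } catch (SecurityException e) {
            System.out.println("denied after logout: " + e.getMessage());
        }
    }
}
```

Because the compiled JavaScript can be modified in the browser, a check made only at navigation time controls what the UI shows; the repeat check inside `loadForEdit` is what protects the data itself.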