
    Public part, Admin part with SpringSecurity: what implementation strategy is best?

    Dear smartGWT users.

    Consider an app that has a public part, and an administrator part.
    The server-side is secured by SpringSecurity.

    What is the best strategy to implement such a thing? I think of two options:

    1) Have two smartGWT projects, one for the public part, one for the admin part
    2) Have one smartGWT project, and put logic in it to show either the public part or the admin part.

    I am considering option 2 at the moment, for the sake of having everything in one project. Although option 1 might seem a better approach, I won't dismiss it before some of you have looked at it :-)

    So for option 2, there are some challenges: how to secure this? Because everything goes via IDACall, how do we make an <intercept-url ... > pattern that distinguishes between calls meant for the 'admin' part and the 'public' part, so that we can secure them?

    Also, what if we went for option 2 and wanted to be able to go to http://mydomain/admin to get to the admin part immediately?

    Would this be possible with option 2?

    Looking forward to considerations!

    #2
    Is the following possible?
    Code:
      <servlet-mapping> 
        <servlet-name>IDACall</servlet-name>  
        <url-pattern>/modulename/sc/IDACall/*</url-pattern> 
        <url-pattern>/modulename/sc/public/IDACall/*</url-pattern> 
      </servlet-mapping>
    and then set in the .ds.xml files whether a specific operationBinding should route via .../public/IDACall or via .../IDACall? Then we can configure the one URL to be public and the other one not by SpringSecurity.
    Last edited by Kah0ona; 12 Nov 2010, 12:18.
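
Added example, not part of the original posts: a Spring Security `<http>` fragment that secures the two IDACall URLs from the servlet-mapping above. It assumes Spring Security 3.x namespace configuration with expression-based access, an existing authentication setup elsewhere in the context, and an admin role named `ROLE_ADMIN` (an assumed name).

```xml
<!-- Added example (not from the thread). Goes inside the application's
     existing Spring Security context file; ROLE_ADMIN is an assumed role name. -->
<http auto-config="true" use-expressions="true">

  <!-- Rules are evaluated top to bottom and the first matching pattern wins.
       Keep these specific rules above any broader pattern added later,
       such as one covering all of /modulename/sc/. -->

  <!-- Public endpoint: reachable without logging in. -->
  <intercept-url pattern="/modulename/sc/public/IDACall/**"
                 access="permitAll"/>

  <!-- Admin endpoint: authenticated administrators only. -->
  <intercept-url pattern="/modulename/sc/IDACall/**"
                 access="hasRole('ROLE_ADMIN')"/>

  <!-- Both patterns lead to the same IDACall servlet (see the servlet-mapping),
       so these rules decide who may call each URL. They do not decide which
       DataSource or operation a request on that URL names; that check has to
       be enforced on the server per DataSource as well. -->
</http>
```

SmartGWT's declarative `requiresRole` attribute on a DataSource or operationBinding in the .ds.xml is one place for that per-operation check, where the edition in use supports it.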
