GWT 应用程序中的用户角色
我想知道您是否可以建议我在 GWT 应用程序中实现“用户角色”的任何方法。我想实现一个 GWT 应用程序,用户登录并被分配“角色”。根据他们的角色,他们将能够查看和使用不同的应用程序领域。
我认为以下是两种可能的解决方案:
1) 一种可能的解决方案是在 onModuleLoad 期间对服务器进行 RPC 调用。该 RPC 调用将生成必要的小部件和/或将它们放置在面板上,然后将该面板返回到客户端。
2) 另一种可能的解决方案是在登录时进行 RPC 调用,从服务器用户角色检索并检查它们以了解用户可以执行哪些操作。
你觉得怎么样?
预先非常感谢您的帮助!
I'm wondering if you could suggest me any way to implement "user roles" in GWT applications. I would like to implement a GWT application where users log in and are assigned "roles". Based on their role, they would be able to see and use different application areas.
Here are two possible solution I thought:
1) A possible solution could be to make an RPC call to the server during onModuleLoad. This RPC call would generate the necessary Widgets and/or place them on a panel and then return this panel to the client end.
2) Another possible solution could be to make an RPC call on login retrieving from server users roles and inspecting them to see what the user can do.
What do you think about?
Thank you very much in advance for your help!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
另一种方法是将 GWT 应用程序托管在 JSP 页面中。您的 JSP 可能包含这样的代码片段
,其中 ${role} 是根据您从关联的 servlet/控制器计算并公开给 JSP 的值扩展的表达式语言。
当您的 GWT 应用程序在浏览器中运行时,该值将被填写。您的 GWT 应用程序可以轻松调用 JS 以从本机方法调用中获取该值,例如,
因此您的模块可以调用 getRole()、测试该值并执行隐藏/显示元素的操作。
显然,你的后端还应该强制执行该角色(例如,通过将其存储在会话中并在适当的情况下进行测试),因为有人可以通过 JS 调试器运行页面,设置断点或类似的内容,在评估之前修改值,从而允许他们访问内容他们不应该访问。
Another way is to host your GWT app in a JSP page. Your JSP might contain a snippet of code like this
Where ${role} is expression language expanded from value you computed from the associated servlet / controller and exposed to the JSP.
When your GWT app runs in the browser, the value will be filled out. Your GWT app can easily call out into JS to obtain this value from a native method call, e.g.
So your module could invoke getRole(), test the value and do what it likes to hide / show elements.
Obviously your backend should also enforce the role (e.g. by storing it in the session and testing it where appropriate) since someone could run the page through a JS debugger, setting breakpoint or similar that modifies the value before it is evaluated allowing them to access things they shouldn't be accessing.
以下场景适合我:
如果不仅隐藏事物而且强制执行它们也很重要,您可以使用容器安全性并在调用业务方法时检查角色和权限。
使用 GIN 时,您还可以创建单例类来存储登录期间检索到的角色,并将其注入到您需要的任何地方。
Following scenario works for me:
If it's crucial to not only hide things but also enforce them you can use container security and check roles and rights while invoking business methods.
While using GIN you can also create singleton class to store roles retrieved during login and inject it wherever you need it.