Best practice securing GWTP application

Question

I am working on application using GWT platform, and now i want to add security part. What is the best practice to do this? My requirements for security are:

• having user authorities;
• hide some places from users without required authorities;
• hide some elements on page from users without required authorities;
• secure server side from unauthorized requests;
• comfortable managing all of this things (like in spring using annotations or something like this )

Answer 1

having user authorities;

Model your users with permission atribute, like

 private int user_type;

hide some places from users without required authorities;

Use the concept of Gate Keeper

A Gate Keeper is Singleton that obligates you to inherit a method called

boolean canReveal()

Using this, you can call server and search for user permission, then reveal or not the presenter called.

If a Presenter need security, just add @UseGateKeeper on it Proxy interface, like:

SomePresenter extends Presenter<V,P>{
       @UseGateKeeper(YourGateKeeper.class)
       SomePresenterProxy extends ProxyPlace{}
}

This will block users without some permission to access a presenter.

hide some elements on page from users without required authorities;

A good question, I've never seen this type of security in GWTP Projects. But you can always use Widget.setVisible(false) ;D, but I don't know if gwtp has a good practice for this.

secure server side from unauthorized requests;

GWTP GWTP makes it possible to link each of your ActionHandlers with a server-side ActionValidator that determines whether or not the current client can execute the action

You can hide some server calls using ActionValidator's.

read this

comfortable managing all of this things (like in spring using annotations or something like this)

As you can see, many of this security concepts use Annotations and other's stuff to manage easily your Application.