Is there any link between Gin and Guice?

107 views
Skip to first unread message

Drew Spencer

unread,
May 9, 2012, 10:42:38 AM5/9/12
to gwt-pl...@googlegroups.com
Hi coders,

I have just implemented a Login action, which populates a singleton instance of LoginInfo using Gin, like this:

// pass LoginInfo instance to the singleton held by Gin, which calls initialize() to fill the fields.
ginjector.getLoginInfo().initialize(result.getLoginInfo());

Now I have done that, I need to make a call to the server, and I need to access my LoginInfo singleton instance on the server side.

So I am wondering if I can somehow copy the same singleton from gin to guice, so that I can use @Inject on the constructor of my ActionHandler?

I understand that Gin is only on client-side and guice is on server-side. I tried using @Inject on the server but it seems to just be injecting a fresh instance.

Thanks,

Drew

Ümit Seren

unread,
May 10, 2012, 2:09:07 AM5/10/12
to gwt-pl...@googlegroups.com
It's not possible to inject the same instance from the client into the server. How should this work? Otherwise there would be no need to do any HTTP requests/AJAX calls if that was possible. What exactly are you trying to achieve?

Drew Spencer

unread,
May 10, 2012, 5:58:44 AM5/10/12
to gwt-pl...@googlegroups.com
Hi Umit, and thanks!

I want to be able to:

1) Have the LoginInfo object available on the server-side (as well as the client) so that I can perform queries and filter using the user's id. (currently I am passing it into the action, but is this the best way/are there alternatives)
2) Check that the user is an admin on the server-side (maybe use an ActionValidator?)

Any advice anyone can give would be appreciated.

Drew

Rob Ferguson

unread,
May 10, 2012, 6:29:01 AM5/10/12
to gwt-pl...@googlegroups.com
Hi,

This post might be of interest:

-> http://uptick.com.au/content/gwt-login-security

Cheers
Rob

Ümit Seren

unread,
May 11, 2012, 4:20:56 AM5/11/12
to gwt-pl...@googlegroups.com
There is one rule which you have to follow: Never trust anything from the client. So never rely on the backend on anything your client is sending to your. It would really easy to fake the LoginInfo on the client and maybe impersonate another user. So you always have to store the LoginInfo on the server in a HTTP session that is associated with your client. You can use the LoginInfo that you get from the server on the client to display specific controls (for example Edit Button, delete Button, etc). But when you execute the Delete or Edit action you have to retrieve the LoginInfo on the server from the HTTP session. So there is actually no need to pass the LoginInfo into your Action because you can't rely on it on the backend. 

Drew Spencer

unread,
May 30, 2012, 5:53:46 AM5/30/12
to gwt-pl...@googlegroups.com
Thanks a lot for the help, guys!

I eventually settled on an InitLoginInfo action that allowed me to set the LoginInfo object on the server, which can then be injected in my ActionHandlers using Guice.

I have also got an isAdmin() and an isLoggedIn() actionvalidator that I am using for server calls, to check user credentials.

Thanks again!

Drew
Reply all
Reply to author
Forward
0 new messages