User management in GWT

[sbrombo]

Hi everyone,

*Really short version*: I'd like suggestions on possible libraries/
projects to provide/develop the user registration/login/sessions
within a GWT site. Off-the-shelf solutions are ok, too.

Now some more details about my project:

I'm a novice GWT user currently in the preliminary "tech analysis"
stage of a site development project, i.e. I am trying to identify the
libraries and components to use along GWT to speed up the development.

The core of my project is to let users register on my site, fill in
some form fields with some personal data, and then use a search
function to find users with matching data.

I'm currently thinking about using a MySQL DB to hold all user data,
and develop all site functionalities with GWT. The thing I'm missing
is what to use to handle user registration/login/sessions. With some
searching I found:
- the Acegi security project, suggested in GWT tutorials;
- the Apache Shiro project, which seems not compatible with GWT due to
client code translation issues.

It looks like using Acegi requires a lot of design&dev time, and
serious security-oriented skills, while I'm looking for something
possibly more "off-the-shelf", which would wrap the user management in
a simple way, or even provide a basic implementation of user
registration and session functionality. Also an open, simple "CMS-
like" project which I could expand and customize with GWT is
acceptable, since site design is now only at the early functional
study and is hence very flexible.

Any suggestion would be really appreciated.

Regards,
M.

[Jim]

Hi M.

I'm also here checking out GWT and I believe I
may have tested something that may help you.

I think it was while I was running some of the examples
in the GWT section of "What's Coming in 2.1" using the
MVP Framework.

In this section there's a link to Spring Roo >> http://www.springsource.org/roo

It's a bit of work, but after setting everything up there's a
Roo demo application there that has a simple login to demonstrate the
security features of the Spring Roo Framework. If you are
familiar with Ruby on Rails, it seems to me that Spring Roo has
the same powerful funcionality ... and I love the way they use the
console and simple commands to generate the framework, and also,
what they call 'entities'. All this, of course, done in Java code.

Perhaps you can ask for more info at their site. It's been awhile
since I ran the demos ... but I'm pretty sure this is what you're
looking for.

Hope this helps.
Jim

[Jim]

Hi M.

Yes ... I just checked to see if I could find that demo.

Here is the one to use:

"vote.roo: The Voting sample script was built live on-stage during
SpringOne Europe 2009, as detailed in the project history section.
This is nice sample script because it's quite small and only has two
entities. It also demonstrates Spring Security usage."

You'll find this on Try Spring Roo (goto the bottom of the page) >
Roo's Samples
Then goto section 1.6. Exploring the Roo Samples.

I did try all three examples. The first one, the most complex, didn't
compile on my machine. The two others, vote.roo and wedding.roo
worked fine. Bye-the-way, once you have the updates and the right
libraries, there is a simple comand to run these demos instead of
building the projects.

roo> script --file filename.roo

- Jim

[Nicolas ANTONIAZZI]

What is the problem with Shiro ? I am using it for security management with my application and we did not have encountered any problem with its integration. It was only few lines of code :

public void login(String username, String password) {

  Subject currentUser = SecurityUtils.getSubject();

  if (!currentUser.isAuthenticated()) {

UserIdPasswordToken token = new UserIdPasswordToken(username, password);

currentUser.login(token);

  }

}

Then, I use some annotation binded with guice on server side :

@RequiresPermissions

@RequiresRoles

@RequiresUser

@RequiresGuest

@RequiresAuthentication

And I've got a filter that catch all Shiro Exceptions and transforms them to a gwt client "understandable" exception. Then, as soon as a Security Exception is sent on the client, I redirect user on a login popup.

I did not tried Acegi because I prefered to use guice on server side than spring.

2010/7/2 Jim <right...@gmail.com>

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-we...@googlegroups.com.
To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

[Paul Schwarz]

Acegi is now called Spring Security, and with that they have greatly
reduced the xml configuration files required get started. Other great
features:
- annotations, so you have per-method authorisation if you like
- ubiquitous security, so you define once and it's applied everywhere,
as opposed to having to remember to explicitly secure a resource
- Spring Security's authentication context object can be accessed
programmatically, so from your GWT app you can write an RPC function
that delves into the authentication context and pulls out the current
user's username and roles, if you want!
- highly configurable but for newbies it's default convention-over-
configuration settings work beautifully and can very easily be wired
to push and pull users and roles from a MySQL database, and store
passwords hashed, etc. The Spring Security team have pretty much every
combination of features covered for your needs.
Ben Alex did a wonderful presentation in Sweden which they recorded
and put on their website... if only I could find that you'd be well on
your way

[jocke eriksson]

If you will deploy to a servlet container, have a look on the security it has to offer. Then solve the problem at the client side.  

2010/7/2 Paul Schwarz <paulss...@gmail.com>

[Carl Pritchett]

> Ben Alex did a wonderful presentation in Sweden

http://vimeo.com/12641333