Secured annotation on service/method level doesn't work?


Aaron Li

Mar 15, 2014, 3:51:18 AM
to gwtse...@googlegroups.com
Hello,

You guys did a fantastic job on creating this project :)

As I went through the source code of the demos I noticed some comments like "Secured method not working.", so I decided to give it a try.

It turned out it's true that an annotation like @Secured("ROLE_ADMIN") is really not working. You can even comment it out or change the role to something else but the service is still protected.

This makes me believe the application is secured from an application level.

Do you have any idea why it is like this and is there any way to get finer-grained security?


Thanks 


Aaron Li

Steven Jardine

Mar 18, 2014, 3:30:43 PM
to gwtse...@googlegroups.com
Hi Aaron,

Well, I must say that I haven't spent any time with the demos. Ken created them way back when and I haven't had the time to fix them.

The design of my apps uses mostly method-level security and GWT RPC / GWT RequestFactory features without a problem.

I'll try and spend some time looking at the demos and see if I can see what the problem is. 

Thanks, 
Steve

Steven Jardine

Apr 10, 2014, 4:20:40 PM
to gwtse...@googlegroups.com
I have spent some time working on an integration test module for the gwtsecurity project.  The module is in the form of a web application that tests method-level security.  If you need an example of how to get method-level security to work it should be a good starting point.  Not many tests yet; it currently only verifies that the RPC calls are secure.

Check out the trunk src code to have a look.

