GWTP 安全机制说明
GWTP security mechanism clarification
谁能简单解释一下 "security" 在 GWTP 中的含义? (https://dev.arcbees.com/gwtp/core/security/不做概念性解释,只是代码片断)。
粗略地说,安全通常是通过在用户登录后向浏览器发送cookie来实现的。然后,此 cookie 随每个浏览器请求一起发送到服务器,因此服务器在检查 cookie 时知道该请求来自经过身份验证的用户。
但是 GWTP 中没有 cookie,除了 AJAX 请求之外,一切都是客户端。那么 "security"(看门人等)在 GWT 中意味着什么?
The "cookie part" of the security mechanism that you describe is not something that GWTP concerns itself with; that is part of what the programmer needs to do.
The article that you linked describes ONLY how you can say "when someone tries to access this particular Presenter/Widget, ask this particular class (a Gatekeeper) if it is allowed".而已。 It is your responsibility to bring client-side whatever info you need about your users, such as roles, etc.
And yes, documentation is pretty scarce. However, I've just finished implementing this Gatekeeper stuff in our apps, and I've found the example here very useful.
谁能简单解释一下 "security" 在 GWTP 中的含义? (https://dev.arcbees.com/gwtp/core/security/不做概念性解释,只是代码片断)。
粗略地说,安全通常是通过在用户登录后向浏览器发送cookie来实现的。然后,此 cookie 随每个浏览器请求一起发送到服务器,因此服务器在检查 cookie 时知道该请求来自经过身份验证的用户。
但是 GWTP 中没有 cookie,除了 AJAX 请求之外,一切都是客户端。那么 "security"(看门人等)在 GWT 中意味着什么?
The "cookie part" of the security mechanism that you describe is not something that GWTP concerns itself with; that is part of what the programmer needs to do.
The article that you linked describes ONLY how you can say "when someone tries to access this particular Presenter/Widget, ask this particular class (a Gatekeeper) if it is allowed".而已。 It is your responsibility to bring client-side whatever info you need about your users, such as roles, etc.
And yes, documentation is pretty scarce. However, I've just finished implementing this Gatekeeper stuff in our apps, and I've found the example here very useful.