Best approach to secure (use roles and permissions) a web application?

advertisements

Thinking to use Spring security but is there better than that? Also, thinking to use CAS (Central Authentication Service) to integrate with Spring security for Single Sign On? Any suggestions? It might be different question but any idea how to use spring taglib in GWT to hide certain things based on user role?


Thinking to use Spring security but is there better than that? Maybe

Also, thinking to use CAS (Central Authentication Service) to integrate with Spring security for Single Sign On? Any suggestions?

Spring Security integrates seamlessly with CAS, you just need to do namespace based configuration and add beans when required on the client side.

See Documentation

It might be different question but any idea how to use spring taglib in GWT to hide certain things based on user role?

Yes, you can do that using the security taglib like provided you include your GWT widgets into JSPs:

Here is a tutorial on how to do that but haven't tested it.

custom-integration-of-gwt-widgets-into-jsps

and the-role-of-jsps-in-a-gwt-world/

See also: