Announcement Announcement Module
No announcement yet.
Roo GWT Security Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Roo GWT Security

    I'm hoping some can help me configure Spring Roo / Spring Security and GWT.

    I've went through the documentation and got the pizza sample app working with spring security and now I'd like to try it with GWT.

    I create a very simple project with 2 entities(User, Address) and a few fields...then I run gwt setup followed by security setup...the project builds and runs fine.

    But I don't know which files to change to adapt my Roo GWT project to use Spring Security...I'm guessing most of it is in applicationContext-security.xml

    Could someone please list out all the changes that I'd need to make to fully integrate these two technologies...bullet points

    Also what Url should I be pointing to for logging in.

    If someone has a sample app with GWT / Spring Security working...would they mind posting some snippets..


  • #2
    I am also interested in the

    help in configure Spring Roo / Spring Security and GWT.


    • #3
      I have not looked in GWT in great depth yet, but from what I know it is mostly (all?) about presentation.

      So essentially I would suspect that security would be handled in normal spring security app would also apply to GWT (please correct me if I am wrong)

      You can start with putting the log3j for security to debug and pay attention to events, how things happen. If you need detailed spring security help I would recommend that you start with a basic ROO application and play with security configurations to learn the ropes.


      • #4
        I too have struggled getting Spring Security working on a GWT app. What attracted me to using GWT was the fact that the GWT SDK compiles everything down into static cacheable files so the browser only has to make one request for them. The rest seems to be just ajax requests back to the server for data. I tried creating a Roo project with gwt setup and spring security, but out of the box it doesn't seem to work the way it works when not using GWT.


        • #5
          Note: Spring Security does not fully secure your GWT app. It's still vulnerable to XSRF - See

          If you want to setup SS for your Roo/GWT app you need to do the following:
          1. Make sure a controller command is run before security setup
          2. Secure the RequestFactory url
          3. Use Http403ForbiddenEntryPoint
          4. Redirect to /login upon 403 from your client code
          5. Force SS to redirect to / upon successful authentication

          Here's a more detailed explanation:

          Last edited by shangxiao; Jun 16th, 2011, 02:06 AM.