com.cedarsolutions.server.rpc.impl.package-info

There is a newer version: 5.8.4
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 *
 *              C E D A R
 *          S O L U T I O N S       "Software done right."
 *           S O F T W A R E
 *
 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 *
 * Copyright (c) 2013 Kenneth J. Pronovici.
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the Apache License, Version 2.0.
 * See LICENSE for more information about the licensing terms.
 *
 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 *
 * Author   : Kenneth J. Pronovici 
 * Language : Java 6
 * Project  : Common Java Functionality
 *
 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */

/**
 * Implementations for client-visible GWT RPC services.
 *
 * RPCs are client-visible services. Only functionality that is useful to
 * clients should be exposed in the RPC interface.
 *
 * RPCs are usually implemented as thin wrappers over other back-end DAO or
 * service implementations. In some cases, an RPC might directly proxy to the
 * back-end implementation. In other cases, the RPC's purpose is process
 * orchestration. RPCs should generally not inject other RPCs. Back-end
 * functionality that needs to be shared should be in the service layer.
 *
 * Either entire RPC interfaces or specific RPC method calls can be protected
 * using Spring security annotations. Interfaces or methods annotated with
 * \@Secured("ROLE_USER") can only be invoked by logged-in users. Interfaces or
 * methods annotated as \@Secured("ROLE_ADMIN") can only be invoked by logged-in
 * administrators. Other methods or interfaces can be invoked without an
 * existing session (i.e. by anyone in the world), so be careful. Most
 * RPCs should be limited to either ROLE_USER or ROLE_ADMIN.
 *
 * Some methods may interact with data owned by a specific user. For security
 * purposes, it is very important that these methods rely on the session to
 * identify the user, rather than accepting credentials or other user identifiers
 * as method arguments. This way, one logged-in user will not be able to spoof
 * another logged-in user. Users will only be able to get at their own data.
 *
 * Classes that implement GWT RPC interfaces are mapped to GWT RPC calls
 * via Spring configuration using GWT-SL.
 * For example, rpc-servlet.xml might include something like this:
 *
 *     <bean class="org.gwtwidgets.server.spring.GWTHandler">
 *         <property name="serviceExporterFactory" ref="securedServiceExporterFactory" />
 *         <property name="mappings">
 *             <map>
 *                 <entry key="/santaexchange/rpc/gaeUserRpc.rpc" value-ref="gaeUserRpc" />
 *             </map>
 *         </property>
 *     </bean>
 *
 *     <bean id="securedServiceExporterFactory" class="com.cedarsolutions.wiring.gwt.rpc.SecuredServiceExporterFactory" />
 *
 * Note that the key above (/santaexchange/rpc/gaeUserRpc.rpc)
 * has a relationship with the \@RemoteServiceRelativePath annotation on the service
 * interface, but it is not identical. In this case, the annotation will be
 * rpc/gaeUserRpc.rpc, but the Spring configuration must
 * include the application name /santaexchange.
 *
 * @author Kenneth J. Pronovici
 */
package com.cedarsolutions.server.rpc.impl;
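
The session-based identification rule from the package documentation above, as an added example that is not part of the Cedar Solutions code base. It assumes Spring Security holds the logged-in user in `SecurityContextHolder`; `IWishListService`, `IWishListRpc` and `WishListRpc` are hypothetical names.

```java
import java.util.List;
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.RemoteServiceRelativePath;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/** Back-end service layer that the RPC wraps (hypothetical). */
interface IWishListService {
    List<String> findByOwner(String userId);
    void deleteAll();
}

/** Client-visible interface: every method needs at least a logged-in user. */
@Secured("ROLE_USER")
@RemoteServiceRelativePath("rpc/wishListRpc.rpc")
interface IWishListRpc extends RemoteService {
    // Spoofable form, shown only for contrast: any logged-in user could pass another user's id.
    //     List<String> getWishList(String userId);
    List<String> getMyWishList();   // no user identifier crosses the wire

    @Secured("ROLE_ADMIN")          // method-level annotation takes precedence over the interface-level one
    void purgeAll();
}

/** Thin wrapper: resolves the caller from the session, then delegates. */
public class WishListRpc implements IWishListRpc {
    private final IWishListService service;

    public WishListRpc(IWishListService service) { this.service = service; }

    public List<String> getMyWishList() {
        return service.findByOwner(currentUserId());
    }

    public void purgeAll() {
        service.deleteAll();
    }

    /** Assumption: Spring Security holds the logged-in user for the current request. */
    private static String currentUserId() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {   // defensive; @Secured should already have rejected this call
            throw new AccessDeniedException("no authenticated session");
        }
        return auth.getName();
    }
}
```

Following the mapping note in the package documentation, the GWT-SL key for this interface would be the application name followed by `rpc/wishListRpc.rpc`.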