Rich Client Security Model



mmdavis
Nov 23rd, 2004, 01:33 PM
I'm trying to flesh out some ideas for a rich client (Eclipse RCP) project I'm working on. I'm using the Spring Framework for the server side glue (and loving it).

However, I'm trying to wrap my mind around how I would 'set up' the user interface based on the security clearance available. The challenge/response sort of security inspection wouldn't make much sense for me; I don't want the user to have to click on everything to find out what they can actually use.

So do I need to have the client application tailor its interface based on the roles (after proper authentication) that Acegi returns? Is there an elegant way of doing this?

Any direction/insight/resources would GREATLY be appreciated. In a house of RPG guys that haven't learned a new thing in 20 years (me not being one of them), I'm very serious about making this application work well.

Thank you!

Ben Alex
Nov 23rd, 2004, 01:38 PM
You'll need net.sf.acegisecurity.providers.rcp. A brief explanation I provided elsewhere follows:


Client-server rich clients are also fully supported. In the client-side application context a RemoteAuthenticationManager is configured. This RemoteAuthenticationManager receives Authentication request objects and passes the contained username and password to a corresponding server-side web service. The server-side web service then builds a new Authentication request object containing the passed username and password, before passing it to a server-side AuthenticationManager. If successful, a list of GrantedAuthoritys is passed back to the RemoteAuthenticationManager. This allows the rich client to make authorization decisions such as the visibility of GUI actions. The rich client will also typically set each remoting proxy factory with the validated username and password.
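
The flow described in the reply above, as an added sketch that is not part of the original post and is not Acegi Security code: the client authenticates once, uses the returned authorities to decide which GUI actions to show, and the server still checks every call made with the supplied credentials. All types, method names, users and role names here are hypothetical stand-ins.

```java
import java.util.*;

// Added illustration; every type and name here is hypothetical, not Acegi Security API.
public class RoleDrivenUi {
    /** Stand-in for the remote call: credentials in, granted authority names out. */
    interface RemoteAuth { Set<String> authenticate(String username, String password); }

    /** Constructed in-memory "server" with a single demo user holding one authority. */
    static class DemoServer implements RemoteAuth {
        public Set<String> authenticate(String username, String password) {
            if ("demo".equals(username) && "demo-pass".equals(password)) return Set.of("ROLE_CLERK");
            throw new SecurityException("Bad credentials");
        }
        /** The server re-checks on every call; hiding a button is not enforcement. */
        String deleteOrder(String username, String password, int orderId) {
            if (!authenticate(username, password).contains("ROLE_MANAGER")) {
                throw new SecurityException("Access denied: deleteOrder");
            }
            return "deleted " + orderId;
        }
    }

    /** Client side: keep only the actions whose required authority was granted. */
    static List<String> visibleActions(Map<String, String> requiredAuthority, Set<String> granted) {
        List<String> visible = new ArrayList<>();
        for (Map.Entry<String, String> e : requiredAuthority.entrySet()) {
            if (granted.contains(e.getValue())) visible.add(e.getKey());
        }
        return visible;
    }

    public static void main(String[] args) {
        DemoServer server = new DemoServer();
        Map<String, String> actions = new LinkedHashMap<>();
        actions.put("View orders", "ROLE_CLERK");
        actions.put("Delete order", "ROLE_MANAGER");
        Set<String> granted = server.authenticate("demo", "demo-pass");
        System.out.println("Visible actions: " + visibleActions(actions, granted));
        try { // A client that bypasses its own UI is still refused by the server.
            server.deleteOrder("demo", "demo-pass", 42);
        } catch (SecurityException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```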

mmdavis
Nov 23rd, 2004, 01:40 PM
That should get me moving in the right direction. After a day spent on Google, I wish I had seen that earlier!

Thank you!