AFAIK there is no ready-solution in GWT
.
Basically you will create a history token (i.e. http://MyGWTApp.com/tasks/#!SOME_LONG_UID).
When the user navigates to this URL, you have to check on the backend if the UID
is valid. You can do this by using either RPC
, RequestBuilder
, or rf
. Conveniently you can return the access type (red/write) back to the client.
With the access type you can then disable some UI interface elements.
Some things to keep in mind:
- For each task/action that goes to the backend you have to check if the
UID
allows the access pattern (= never trust the client). So you also have to send along theUID
with each request. - You can also have to make sure on the backend that when the anonymous users can only carry out the tasks (read/write) that are allowed (= whitelist).