
GWTP security mechanism clarification


Can someone explain in simple terms what "security" means in GWTP? (https://dev.arcbees.com/gwtp/core/security/ does not give a conceptual explanation, just pieces of code).

Roughly speaking, security is usually implemented by sending the browser a cookie after the user logs in. This cookie is then sent to the server with each browser request, and so the server knows, upon inspecting the cookie, that the request comes from an authenticated user.

But there are no cookies in GWTP; everything is client side apart from AJAX requests. So what does "security" (gatekeepers etc.) mean in GWT?


Solution

  • The "cookie part" of the security mechanism that you describe is not something that GWTP concerns itself with; that is part of what the programmer needs to do.

    The article that you linked describes ONLY how you can say "when someone tries to access this particular Presenter/Widget, ask this particular class (a Gatekeeper) if it is allowed". That's it. It is your responsibility to bring client-side whatever info you need about your users, such as roles, etc.

    And yes, documentation is pretty scarce. However, I've just finished implementing this Gatekeeper stuff in our apps, and I've found the example here very useful.
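
Added example, not part of the original answer and not GWTP's own code: a sketch of the split described above, with a Gatekeeper deciding what the client may reveal and a servlet filter checking the session on every request. `CurrentUser`, `LoggedInGatekeeper`, `SessionFilter` and the `"user"` session attribute are assumed names; the classes are shown in one listing for brevity, whereas in a project each would be public in its own file.

```java
// Added illustration. CurrentUser and LoggedInGatekeeper belong in the GWT client
// package; SessionFilter belongs in the server package. All names are hypothetical.
import com.gwtplatform.mvp.client.proxy.Gatekeeper;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.*;
import javax.servlet.http.*;

/** Client-side copy of what the server reported about the user after login. */
@Singleton
class CurrentUser {
    private boolean loggedIn;
    boolean isLoggedIn() { return loggedIn; }
    void setLoggedIn(boolean loggedIn) { this.loggedIn = loggedIn; }
}

/** GWTP asks this before revealing a presenter whose proxy is annotated with
 *  @UseGatekeeper(LoggedInGatekeeper.class). It steers navigation only: the
 *  flag lives in the browser, so it is not an access control by itself. */
class LoggedInGatekeeper implements Gatekeeper {
    private final CurrentUser currentUser;

    @Inject
    LoggedInGatekeeper(CurrentUser currentUser) { this.currentUser = currentUser; }

    @Override
    public boolean canReveal() { return currentUser.isLoggedIn(); }
}

/** Server side: the session cookie is still what authenticates each AJAX
 *  request, whatever the client-side gatekeeper decided. */
class SessionFilter implements Filter {
    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        // "user" is an assumed attribute name set by the application's login handler.
        if (session == null || session.getAttribute("user") == null) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }
}
```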