我要啦免费统计

Load Dojo Modules Conditionally when using Spring Security

Scenario

In a JSP page, I want to load different Dojo modules defined in separate .js files according to the authorization roles determined by Spring Security.

At first glance, it seems that dojo/has fits my need. dojo/has provides feature detection with extensible API. So we can assign difference classes to the body element based on user’s authorization roles, and then define a test for dojo/has, that adds features based on whether the body contains a certain class or not.

Then, we can use

1
2
3
4
require(["dojo/has!feature?package/module:package/other"], function(featureModule){
// If feature is true, package/module loaded
// If feature is false, package/other loaded
});

to load modules conditionally.

However, a vital drawback of this method is that the check is done on the client side, which means the user can modify the body class on the client side to bypass the security mechanism and load the module that the user is not authorized to load. Thus Spring Security taglib is used instead in order to archive the goal.

Read More