In a JSP page, I want to load different Dojo modules defined in separate .js files according to the authorization roles determined by Spring Security.
At first glance, it seems that dojo/has fits my need. dojo/has provides feature detection with extensible API. So we can assign difference classes to the body element based on user’s authorization roles, and then define a test for dojo/has, that adds features based on whether the body contains a certain class or not.
However, a vital drawback of this method is that the check is done on the client side, which means the user can modify the body class on the client side to bypass the security mechanism and load the module that the user is not authorized to load. Thus Spring Security taglib is used instead in order to archive the goal.