What are the best practices for creating a Conditional UI using GWT and Spring Security based on a users Role/Permissions?
I'm aware that you can't rely on client side security. I will have security checks on the server side. The Conditional UI is really only for appearance.
You will need a service to get the list of the user's roles from the server (which has them) to the client (which does not). In the onSuccess method of the callback, you would have code similar to the following:
if (roles.contains("role1")) {
GWT.runAsync(new RunAsyncCallback() {
public void onFailure(Throwable caught) {
Window.alert("Code download failed");
}
public void onSuccess() {
// code here if the user has role1
}
});
}
if (roles.contains("role2")) {
GWT.runAsync(new RunAsyncCallback() {
public void onFailure(Throwable caught) {
Window.alert("Code download failed");
}
public void onSuccess() {
// code here if the user has role2
}
});
}
// and so on
We use GWT.runAsync to chunk off sections of code that users may not need to see. When it's time to load the UI, we just check to see what they need and then display it to them.
We have abstracted most of the necessary business logic into settings we download for each user, like "showTeacherControls" and "showAdvisorControls" and "showStudentControls." Then the client can just check those flags to figure out what to display.
