spring - springsecurity role check inside javascript - Stack Overflow

Is it advisable to use java scripting inside JSP as below?

var f = null;
  '<sec:authorize access="hasAnyRole(\'c2ladmin\',\'provider\')">'
  f = function() {
      alert('hi');
  }
  '</sec:authorize>';

  '<sec:authorize access="hasRole(\'teacher\')">'
  f = function() {
      alert('teacher');
  }
  '</sec:authorize>';

Note: Need to render view from Javascript based on the role of the user.

asked Jun 11, 2015 at 8:03 by sheikhisham (edited Jun 11, 2015 at 14:11)
  • What do you mean "is it legal"? You have to understand that Javascript is easily modified by the user to show certain attributes. So you will have to do double checking with every backend action the user is executing (you should do that anyway). Just be careful you don't open yourself up to exploits this way and you should be fine. – Schaka, Jun 11, 2015 at 9:44

2 Answers


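Instead, you can try the following:

<%-- Each tag stores its access decision in a page-scoped Boolean --%>
<sec:authorize access="hasAnyRole('admin','superadmin')" var="isAuthorizeAny"></sec:authorize>
<sec:authorize access="hasRole('user')" var="haRoleUser"></sec:authorize>

    <script type="text/javascript">
        var f = null;

        // EL renders the Boolean as the text "true" or "false", so compare
        // against the string; 'true' == true is always false in JavaScript.
        if ('${isAuthorizeAny}' === 'true') {
            f = function() {
                alert('hi Admini');
            };
        }

        if ('${haRoleUser}' === 'true') {
            f = function() {
                alert('hei User');
            };
        }
    </script>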

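This works for me:

<%-- Only one of the two inputs is rendered, so the id stays unique --%>
<sec:authorize access="hasRole('ROLE_EXTERNO')">
<input id="isRoleExterno" type="text" class="hide" value="true"/>
</sec:authorize>
<sec:authorize access="!hasRole('ROLE_EXTERNO')">
<input id="isRoleExterno" type="text" class="hide" value="false"/>
</sec:authorize>

In my JS:

// .val() returns a string and "false" is truthy, so compare explicitly
var isRoleExterno = $('#isRoleExterno').val() === 'true';

var clazz = isRoleExterno ? "hide" : "";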
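
Added example, not part of either answer above: it parses the role flags the JSP renders as text, uses them only to pick a view, and shows the backend check from Schaka's comment still refusing a request after the flags are edited in the browser. The flag names follow the first answer; the action names, `serverAuthorize` and the sample session are constructed for illustration, with `serverAuthorize` standing in for the real Spring Security rule on the request.

```javascript
// Added example. Flag names mirror the first answer; action names are hypothetical.

// JSP EL renders a Boolean page variable as the text "true" or "false".
// Loose checks go wrong on that text: 'true' == true is false (NaN vs 1),
// and any non-empty string, "false" included, is truthy.
function parseFlag(rendered) {
  // Anything other than the exact text "true" (empty, undefined, "TRUE ") fails closed.
  return rendered === 'true';
}

// UI hint only: decides which view to draw, grants nothing.
function chooseView(flags) {
  if (parseFlag(flags.isAuthorizeAny)) return 'admin';
  if (parseFlag(flags.haRoleUser)) return 'user';
  return 'none';
}

// Stand-in for the backend rule. It looks only at the roles bound to the
// session, never at what the page claims about the user.
const REQUIRED_ROLES = new Map([
  ['deleteCourse', ['admin', 'superadmin']],        // hypothetical action
  ['listCourses', ['user', 'admin', 'superadmin']], // hypothetical action
]);

function serverAuthorize(sessionRoles, action) {
  const required = REQUIRED_ROLES.get(action) || []; // unknown action: deny
  return required.some((role) => sessionRoles.includes(role)) ? 200 : 403;
}

// Constructed scenario: the session holds only 'user', but the rendered
// flags were changed in the browser so the admin flag reads "true".
function tamperedSession() {
  const flags = { isAuthorizeAny: 'true', haRoleUser: 'true' };
  return {
    view: chooseView(flags),                           // admin view is drawn
    status: serverAuthorize(['user'], 'deleteCourse'), // backend still refuses
  };
}
```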