How can I get the authority by javascript with spring-security-core?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

How can I get the authority by javascript with spring-security-core?

xunitc
Hi.

I hava the edit and delete buttons in show.gsp
I hava an admin user which has the 'ROLE_ADMIN' role.
Now, I do not want other user which has no 'ROLE_ADMIN' role can see the edit and delete buttons.

I use nginx cache, so if I login as admin, the buttons will be cached.
Then admin logout, and other user login, I can see the edit and delete buttons because the cache.
I think if I use javascript to check the 'ROLE_ADMIN' role in or not in the current user, I can bypass the cache, but I do not know how to do.

some help please.
Xunitc