How to not deliver codesplits that a user isn't authorized for?

[Clint Checketts]

In my application, I have 2 types of users: normal users and abnormal users (kidding). Actually when one role is logged in, there are sections of the codebase that I don't want the other role to have any way to know about.

What is the best way to lock down serving up the code that I need to be locked down?

In the past, I had 2 modules with 2 separate entry points, and protected the second based on the URL access, but that forces the users that use both sections of the app to have to redownload the common Core, GWT, and CssResources. Those common pieces of code won't be shared between the separate modules.

-Clint

[Thomas Broyer]

Why wasn't the second app a super-set of the first one? Using a JSP (or whatever) as your HTML host page, you could then selectively (depending on the user) send the first or second app (generate the script tag for the appropriate *.nocache.js).

If you really don't want the code to be downloaded by non-authorized users, that's how I'd do it.