In my current spring-boot project, I have a snippet of code like this in my thymeleaf view:
    <div class="account">
        <ul>
            <li id="your-account" sec:authorize="isAnonymous()">
                ... code 1 ...
            </li>
            <li id="your-account" sec:authorize="isAuthenticated()">
                ... code 2 ...
            </li>
            <li th:if="${cart}">
                ...
            </li>
        </ul>
    </div>
where only one of the snippets 1 or 2 should be displayed at the same time. But right now, when I open this view in the browser, both areas are being displayed.
Can anyone see what's wrong here?
P.S.: My thymeleaf configuration class is this:
    @Configuration
    public class Thymeleaf {
        @Bean
        public SpringTemplateEngine templateEngine() {
            SpringTemplateEngine engine = new SpringTemplateEngine();
            final Set<IDialect> dialects = new HashSet<IDialect>();
            dialects.add( new SpringSecurityDialect() );
            engine.setDialects( dialects );
            return engine;
        }
    }
P.S.: My spring-security configuration class is this:
    @Configuration
    @ComponentScan(value="com.spring.loja")
    @EnableGlobalMethodSecurity(prePostEnabled=true)
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private UserDetailsService userDetailsService;
        @Autowired
        private SocialUserDetailsService socialUserDetailsService;
        @Autowired
        private PasswordEncoder passwordEncoder;
        @Autowired
        private AuthenticationManagerBuilder auth;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf()
                    .disable()
                .authorizeRequests()
                    .antMatchers("/b3/**", "/v1.1/**", "/**", "/destaque/**", "/categoria/**").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/signin")
                    .loginProcessingUrl("/login").permitAll()
                    .usernameParameter("login")
                    .passwordParameter("senha")
                    .and()
                .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/")
                    .and()
                .apply(new SpringSocialConfigurer());
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
            handler.setPermissionEvaluator(new CustomPermissionEvaluator());
            web.expressionHandler(handler);
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder);
        }

        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return auth.getOrBuild();
        }
    }
My fix was to add thymeleaf-extras-springsecurity4 to my web app dependencies.
I had a parent pom that was importing spring boot (1.4.1.RELEASE), which includes the thymeleaf extras, but my child pom (which houses the web app code) needed to call out the specific thymeleaf extras dependency like so:
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    </dependency>
And voilà ... it now works.
I was attempting to do:
    <div sec:authorize="hasRole('ROLE_USER')"></div>
in a thymeleaf template (.html file) to only show that div and its contents when a user was logged in. However, it was showing that div all the time.
I wish it would have thrown an error saying it couldn't recognize the spring security tag prior to including the thymeleaf extras dependency ... it would have made debugging much easier.
This could be a result of the thymeleaf-extras-springsecurity4 artifact being missing from your classpath. I was having this issue and discovered (after pulling most of my hair out) that the SpringSecurity dialect was not loaded for thymeleaf because of the jar's absence. I added this dependency with:
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    </dependency>
Hope this helps. See https://stackoverflow.com/a/31622977/4091838
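A check for the silent failure both answers describe, as an added example that is not part of the original posts: when the Spring Security dialect is not loaded, Thymeleaf passes `sec:` attributes through to the browser unprocessed, so a test can scan the rendered HTML for any that survive. The function name and both sample documents are constructed for illustration.

```python
from html.parser import HTMLParser

# Attribute prefixes the template engine should consume while rendering:
# "sec:" belongs to the Spring Security dialect, "th:" to the standard one.
TEMPLATE_PREFIXES = ("sec:", "th:")


class _LeftoverScanner(HTMLParser):
    """Collects template attributes that reached the rendered output."""

    def __init__(self):
        super().__init__()
        self.leftovers = []

    def handle_starttag(self, tag, attrs):
        line, _column = self.getpos()
        for name, value in attrs:
            if name.startswith(TEMPLATE_PREFIXES):
                self.leftovers.append((line, tag, name, value))


def find_unprocessed_attributes(rendered_html):
    """Return (line, tag, attribute, value) for each template attribute left in the output."""
    scanner = _LeftoverScanner()
    scanner.feed(rendered_html)
    scanner.close()
    return scanner.leftovers


# Constructed sample: what an anonymous visitor receives when the dialect is missing.
RENDERED_WITHOUT_DIALECT = """<div class="account">
<ul>
<li id="your-account" sec:authorize="isAnonymous()">sign in</li>
<li id="your-account" sec:authorize="isAuthenticated()">my account</li>
</ul>
</div>"""

# Constructed sample: the same request once the dialect is active.
RENDERED_WITH_DIALECT = """<div class="account">
<ul>
<li id="your-account">sign in</li>
</ul>
</div>"""

if __name__ == "__main__":
    for line, tag, name, value in find_unprocessed_attributes(RENDERED_WITHOUT_DIALECT):
        print(f'line {line}: <{tag}> still carries {name}="{value}"')
```

Run it against the body returned for an anonymous request in an integration test and fail the build on a non-empty result.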