Thymeleaf 身份验证对象在错误页面上为 null 或为空 [英] Thymeleaf authentication object is either null or empty on an error page

问题描述

登录成功后鉴权显然不为空，但同时登录时仍然强制出错使鉴权为空.

After successful login authentication was obviously not null, but while still login forcing an error makes the authentication null.

• Spring Boot 1.3.1
• 百里香叶 2.1.4
• Thymeleaf-Spring4 2.1.4
• Thymeleaf-Extras-SpringSecurity4

error.html(处理错误/异常的自定义错误页面)

error.html (custom error page that handles errors/exception)

...          
<header th:include="fragments/menu :: menu"></header>
...

menu.html(错误/异常期间不显示所有菜单项)

menu.html (all menu items does not display during errors/exeception)

 ...
 <li sec:authorize="hasAnyRole('ADMIN', 'MANAGER')">
 ...
 </li>
 ...
 <li sec:authorize="isAuthenticated()"><a id="logoff" href="#logoff">Log Off</a></li>
 ..

这种行为是预期的还是我遗漏了什么?我希望身份验证对象不为空，以便我可以重新显示受保护的 url 链接.

Is this behavior expected or am I missing anything? I'm expecting the authentication object to be not null so I can redisplay secured urls links.

推荐答案

这是 Spring Boot 的一个已知问题，甚至记录在 文档:

This is a known issue with Spring Boot that even documented in the documentation:

注意如果您使用最终由过滤器处理的路径注册 ErrorPage(例如，与某些非 Spring Web框架，如 Jersey 和 Wicket)，那么过滤器必须是显式注册为 ERROR 调度程序(默认FilterRegistrationBean 不包括 ERROR 调度程序类型).

N.B. if you register an ErrorPage with a path that will end up being handled by a Filter (e.g. as is common with some non-Spring web frameworks, like Jersey and Wicket), then the Filter has to be explicitly registered as an ERROR dispatcher (the default FilterRegistrationBean does not include the ERROR dispatcher type).

例如:

@Bean
public FilterRegistrationBean myFilter() {
    FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setFilter(new MyFilter());
    ...
    registration.setDispatcherTypes(EnumSet.allOf(DispatcherType.class));
    return registration;
}

另请参阅 Spring Boot 跟踪器中的相关问题.

但是从 1.3.1 开始，您可以更简单地配置它(参见 #4505) 通过将以下行添加到 application.properties:

But you can configure it even simpler since 1.3.1 (see #4505) by adding the following line to application.properties:

security.filter-dispatcher-types: ASYNC, FORWARD, INCLUDE, REQUEST, ERROR

这篇关于Thymeleaf 身份验证对象在错误页面上为 null 或为空的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！