thymeleaf sec:授权在 spring boot 中不工作 [英] thymeleaf sec:authorize not working in spring boot

查看:43
本文介绍了thymeleaf sec:授权在 spring boot 中不工作的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个带有 Thymeleaf 和内存认证的 Spring MVC 项目.在我的 html 中,我想显示当前登录的用户并仅在有人登录时显示注销按钮.

这里是一个简单的 html,它应该显示用户名,但总是显示 Bob 和一个只有在有人登录时才应该显示的文本,但它总是显示.

知道我做错了什么吗?

这是我的 pom.xml

<modelVersion>4.0.0</modelVersion><父母><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.1.3.RELEASE</version><relativePath/><!-- 从存储库中查找父级 --></父母><groupId>info.climbinggyms</groupId><artifactId>main</artifactId><version>0.0.1-SNAPSHOT</version><name>main</name><description>网站概述了现有的攀岩馆</description><属性><java.version>8</java.version></属性><依赖项><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-data-jpa</artifactId></依赖><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-thymeleaf</artifactId></依赖><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></依赖><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-devtools</artifactId><scope>运行时</scope></依赖><依赖><groupId>org.apache.tomcat</groupId><artifactId>tomcat-jdbc</artifactId></依赖><依赖><groupId>org.postgresql</groupId><artifactId>postgresql</artifactId></依赖><依赖><groupId>com.h2database</groupId><artifactId>h2</artifactId><scope>运行时</scope></依赖><依赖><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><optional>true</optional></依赖><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><范围>测试</范围></依赖><!-- https://mvnrepository.com/artifact/javax.mail/javax.mail-api --><依赖><groupId>javax.mail</groupId><artifactId>邮件</artifactId><version>1.4.3</version></依赖><依赖><groupId>org.springframework</groupId><artifactId>spring-context-support</artifactId><version>4.3.1.RELEASE</version></依赖><依赖><groupId>nz.net.ultraq.thymeleaf</groupId><artifactId>thymeleaf-layout-dialect</artifactId><version>2.3.0</version></依赖><依赖><groupId>org.thymeleaf.extras</groupId><artifactId>thymeleaf-extras-springsecurity4</artifactId></依赖><依赖><groupId>org.thymeleaf</groupId><artifactId>thymeleaf-spring4</artifactId></依赖><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></依赖><依赖><groupId>org.springframework.boot</groupId><artifactId>spring-boot-devtools</artifactId><optional>true</optional></依赖></依赖项><构建><插件><插件><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></插件></plugins></build></项目>

我的 html:

<html xmlns="http://www.w3.org/1999/xhtml"xmlns:th="http://www.thymeleaf.org"xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"xmlns:sec="http://www.thymeleaf.org/extras/spring-security"布局:装饰器=布局/root_layout"lang="zh-cn"><头><title>我的攀岩馆</title><身体><div layout:fragment="page-content"><div class="容器"><部分><br><br><br><h1>我的攀岩馆</h1><p>欢迎来到我的攀岩馆</p><p>这个还在建设中,本站只包含虚拟数据</p><div sec:authorize="isAuthenticated()">此内容仅向经过身份验证的用户显示.

<span sec:authentication="name">Bob</span></节>

</html>

和我的安全配置:

package info.climbinggyms.main;导入 org.springframework.beans.factory.annotation.Autowired;导入 org.springframework.context.annotation.Bean;导入 org.springframework.context.annotation.Configuration;导入 org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;导入 org.springframework.security.config.annotation.web.builders.HttpSecurity;导入 org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;导入 org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;@配置@启用网络安全公共类 SecurityConfig 扩展了 WebSecurityConfigurerAdapter {@覆盖protected void configure(HttpSecurity http) 抛出异常 {http.httpBasic().和().authorizeRequests().antMatchers("/admin/**").hasAnyRole("ADMIN","USER").和().csrf().disable().headers().frameOptions().disable().和().formLogin().和().登出();}@自动连线public void configureGlobal(AuthenticationManagerBuilder auth) 抛出异常 {auth.inMemoryAuthentication().withUser("bleau83").password("{noop}bleau83").roles("ADMIN").和().withUser("user").password("{noop}user").roles("USER");}}

解决方案

我将 thymeleaf 安全更新到 springsecurity5,现在它可以工作了

<依赖><groupId>org.thymeleaf.extras</groupId><artifactId>thymeleaf-extras-springsecurity5</artifactId></依赖>

I have a Spring MVC project with Thymeleaf and in memory authentication. In my html I want to display the current user that is logged in and diplay the logout button only when somebody is logged in.

Here is a simple html that should display the username, but is always displays Bob and a text that should only be displayed when somebody is logged in, but it's always displayed.

Any idea what I'm doing wrong?

Here is my pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.3.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>info.climbinggyms</groupId>
    <artifactId>main</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>main</name>
    <description>website with an overview of the existing climbing gyms</description>

    <properties>
        <java.version>8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
        </dependency>



        <dependency>
            <groupId>org.apache.tomcat</groupId>
            <artifactId>tomcat-jdbc</artifactId>
        </dependency>
        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
        </dependency>



        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <scope>runtime</scope>
        </dependency>

                <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- https://mvnrepository.com/artifact/javax.mail/javax.mail-api -->
        <dependency>
            <groupId>javax.mail</groupId>
            <artifactId>mail</artifactId>
            <version>1.4.3</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context-support</artifactId>
            <version>4.3.1.RELEASE</version>
        </dependency>


        <dependency>
            <groupId>nz.net.ultraq.thymeleaf</groupId>
            <artifactId>thymeleaf-layout-dialect</artifactId>
            <version>2.3.0</version>
        </dependency>

        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        </dependency>

        <dependency>
            <groupId>org.thymeleaf</groupId>
            <artifactId>thymeleaf-spring4</artifactId>
        </dependency>


        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <optional>true</optional>
        </dependency>



    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

My html:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org"
      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
      xmlns:sec="http://www.thymeleaf.org/extras/spring-security"
      layout:decorator="layout/root_layout"
      lang="en">
<head>
    <title>My Climbing Gyms</title>
</head>
<body>
    <div layout:fragment="page-content">
    <div class="container">
        <section>
            <br>
            <br>
            <br>
            <h1>My Climbing Gyms</h1>
            <p>Welcome to my climbing gyms</p>
            <p>This is still under construction, this site only contains dummy data</p>

            <div sec:authorize="isAuthenticated()">
                This content is only shown to authenticated users.
            </div>

            <span sec:authentication="name">Bob</span>


        </section>
    </div>
    </div>

</body>
</html>

and my security configuration:

package info.climbinggyms.main;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .httpBasic()
                .and()
                .authorizeRequests()
                .antMatchers("/admin/**").hasAnyRole("ADMIN","USER")
                .and()
                .csrf().disable().headers().frameOptions().disable()
                .and()
                .formLogin()
                .and()
                .logout();
    }
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("bleau83").password("{noop}bleau83").roles("ADMIN")
                .and()
                .withUser("user").password("{noop}user").roles("USER");
    }
}

解决方案

I updated my thymeleaf security to springsecurity5 and now it is working

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>

这篇关于thymeleaf sec:授权在 spring boot 中不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆