sec:百里香视图中的isAuthenticated()和isAnonymous()都返回true [英] sec:authorize returning true for both isAuthenticated() and isAnonymous() in thymeleaf view
问题描述
在我当前的spring-boot项目中,我在thymeleaf视图中有如下代码片段:
In my current spring-boot project, I have in my view a snippet of code like this in my thymeleaf view:
<div class="account">
<ul>
<li id="your-account" sec:authorize="isAnonymous()">
... code 1 ...
</li>
<li id="your-account" sec:authorize="isAuthenticated()">
... code 2 ...
</li>
<li th:if="${cart}">
...
</li>
</ul>
</div>
其中片段1或2只能同时显示.但是现在,当我在浏览器中打开此视图时,将显示两个区域.
where only one of the snippets 1 or 2 should be displayed in the same time. But right now, when I open this view in the browser, the two areas are being displayed.
任何人都可以看到这里出了什么问题吗?
Anyone can see what's wrong here?
ps .:我的百里香叶配置类是这样的:
ps.: my thymeleaf configuration class is this:
@Configuration
public class Thymeleaf {
@Bean
public SpringTemplateEngine templateEngine() {
SpringTemplateEngine engine = new SpringTemplateEngine();
final Set<IDialect> dialects = new HashSet<IDialect>();
dialects.add( new SpringSecurityDialect() );
engine.setDialects( dialects );
return engine;
}
}
ps .:我的spring-security配置类是:
ps.: my spring-security configuration class is that:
@Configuration
@ComponentScan(value="com.spring.loja")
@EnableGlobalMethodSecurity(prePostEnabled=true)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private SocialUserDetailsService socialUserDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private AuthenticationManagerBuilder auth;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/b3/**", "/v1.1/**", "/**", "/destaque/**", "/categoria/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/signin")
.loginProcessingUrl("/login").permitAll()
.usernameParameter("login")
.passwordParameter("senha")
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.and()
.apply(new SpringSocialConfigurer());
}
@Override
public void configure(WebSecurity web) throws Exception {
DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
handler.setPermissionEvaluator(new CustomPermissionEvaluator());
web.expressionHandler(handler);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return auth.getOrBuild();
}
}
推荐答案
我的解决方法是将thymeleaf-extras-springsecurity4添加到我的Web应用程序依赖项中.
My fix was to add thymeleaf-extras-springsecurity4 to my web app dependencies.
我有一个父pom正在导入spring boot(1.4.1.RELEASE),其中包括thymeleaf Extras,但是我的子pom(包含Web应用程序代码)需要像这样调用特定的thymeleaf Extras依赖项:
I had a parent pom that was importing spring boot (1.4.1.RELEASE), which includes the thymeleaf extras, but my child pom (which houses the web app code) needed to call out the specific thymeleaf extras dependency like so:
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
voilà...现在可以正常工作.
And voilà ... it now works.
我正在尝试做:
<div sec:authorize="hasRole('ROLE_USER')"></div>
在thymeleaf模板(.html文件)中,仅在用户登录时显示该div及其内容.但是,它一直在显示该div.
in a thymeleaf template (.html file) to only show that div and it's contents when a user was logged in. However, it was showing that div all the time.
我希望它会抛出一个错误,说它在包含thymeleaf Extras依赖项之前无法识别spring安全标签……它将使调试变得更加容易.
I wish it would have thrown an error saying it couldn't recognize the spring security tag prior to including the thymeleaf extras dependency ... it would have made debugging much easier.
这篇关于sec:百里香视图中的isAuthenticated()和isAnonymous()都返回true的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
