Spring Security hasRole()不起作用 [英] Spring Security hasRole() not working
问题描述
使用Spring Security&& ;;时遇到问题Thymeleaf,特别是在尝试使用 hasRole 表达式。 'admin'用户有一个'ADMIN'角色,但是 hasRole('ADMIN')
无论如何都会解析为false
I'm facing a problem when using Spring Security && Thymeleaf, specifically when trying to use the hasRole expression. The 'admin' user has a role 'ADMIN' but hasRole('ADMIN')
resolves to false anyway I try it
我的HTML:
1.<div sec:authentication="name"></div> <!-- works fine -->
2.<div sec:authentication="principal.authorities"></div> <!-- works fine -->
3.<div sec:authorize="isAuthenticated()" >true</div> <!-- works fine -->
4.<span th:text="${#authorization.expression('isAuthenticated()')}"></span> <!-- works fine -->
5.<div th:text="${#vars.role_admin}"></div> <!--Works fine -->
6.<div sec:authorize="${hasRole('ADMIN')}" > IS ADMIN </div> <!-- Doesnt work -->
7.<div sec:authorize="${hasRole(#vars.role_admin)}" > IS ADMIN </div> <!-- Doesnt work -->
8.<div th:text="${#authorization.expression('hasRole(''ADMIN'')')} "></div> <!-- Doesnt work -->
9.<div th:text="${#authorization.expression('hasRole(#vars.role_admin)')}"></div> <!-- Doesnt work -->
结果为:
1.admin
2.[ADMIN]
3.true
4.true
5.ADMIN
6."prints nothing because hasRole('ADMIN') resolves to false"
7."prints nothing because hasRole(#vars.role_admin) resolves to false"
8.false
9.false
我在security.xml文件中启用了 use-expressions
I have enabled use-expressions in my security.xml file
<security:http auto-config="true" use-expressions="true">
还包括我的配置中的SpringSecurityDialect
And also included the SpringSecurityDialect in my config
<bean id="templateEngine"
class="org.thymeleaf.spring4.SpringTemplateEngine">
<property name="templateResolver" ref="templateResolver" />
<property name="additionalDialects">
<set>
<bean class="org.thymeleaf.extras.springsecurity4.dialect.SpringSecurityDialect" />
</set>
</property>
</bean>
我的pom.xml文件中所有必需的依赖项
All the necessary dependencies in my pom.xml file
<!--Spring security-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
<!--Thymeleaf Spring Security-->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>2.1.2.RELEASE</version>
<scope>compile</scope>
</dependency>
Role.java
Role.java
@Entity
@Table(name = "roles")
public class Role implements Serializable {
@Id
@Enumerated(EnumType.STRING)
private RoleType name;
//... getters, setters
}
RoleType
public enum RoleType {
ADMIN
}
和用户
有一套角色
s
为什么 hasRole()
无效?
感谢您的帮助,谢谢
th:if =$ {#strings.contains(#authentication.principal.authorities,'ADMIN')}
推荐答案
尝试使用 hasAuthority
而不是 hasRole
在HTML标签内。
Try use hasAuthority
instead hasRole
inside HTML-tag.
sec:authorize="hasAuthority('ADMIN')"
这篇关于Spring Security hasRole()不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!