在我当前的spring-boot项目中,我在thymeleaf视图中有如下代码片段:
<div class="account"> <ul> <li id="your-account" sec:authorize="isAnonymous()"> ... code 1 ... </li> <li id="your-account" sec:authorize="isAuthenticated()"> ... code 2 ... </li> <li th:if="${cart}"> ... </li> </ul> </div>
其中只能同时显示摘要1或2之一。但是现在,当我在浏览器中打开此视图时,将显示两个区域。
有人看到这里有什么问题吗?
ps .:我的thymeleaf配置类是这样的:
@Configuration public class Thymeleaf { @Bean public SpringTemplateEngine templateEngine() { SpringTemplateEngine engine = new SpringTemplateEngine(); final Set<IDialect> dialects = new HashSet<IDialect>(); dialects.add( new SpringSecurityDialect() ); engine.setDialects( dialects ); return engine; } }
ps .:我的spring-security配置类是:
@Configuration @ComponentScan(value="com.spring.loja") @EnableGlobalMethodSecurity(prePostEnabled=true) @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Autowired private SocialUserDetailsService socialUserDetailsService; @Autowired private PasswordEncoder passwordEncoder; @Autowired private AuthenticationManagerBuilder auth; @Override protected void configure(HttpSecurity http) throws Exception { http .csrf() .disable() .authorizeRequests() .antMatchers("/b3/**", "/v1.1/**", "/**", "/destaque/**", "/categoria/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/signin") .loginProcessingUrl("/login").permitAll() .usernameParameter("login") .passwordParameter("senha") .and() .logout() .logoutUrl("/logout") .logoutSuccessUrl("/") .and() .apply(new SpringSocialConfigurer()); } @Override public void configure(WebSecurity web) throws Exception { DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler(); handler.setPermissionEvaluator(new CustomPermissionEvaluator()); web.expressionHandler(handler); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(userDetailsService) .passwordEncoder(passwordEncoder); } @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return auth.getOrBuild(); } }
我的解决方法是添加thymeleaf-extras-springsecurity4到我的Web应用程序依赖项。
thymeleaf-extras-springsecurity4
我有一个父pom正在导入spring boot(1.4.1.RELEASE),其中包括thymeleaf Extras,但是我的子pom(用于存放Web应用程序代码)需要像下面这样调用特定的thymeleaf Extras依赖项:
<dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity4</artifactId> </dependency>
瞧……现在可以了。
我正在尝试做:
<div sec:authorize="hasRole('ROLE_USER')"></div>
在thymeleaf模板(.html文件)中仅显示该div及其在用户登录时的内容。但是,它一直在显示该div。
我希望它会引发一个错误,说它在包含thymeleaf Extras依赖项之前无法识别spring安全标签……它将使调试变得更加容易。