英文:
(closed) Thymeleaf Security (sec:authorize tag) doesn't work in Spring
问题
I have a problem: when I implemented thymeleaf security, added dependency, I noticed that sec:authorize tag isn't even working!
I've browsed a lot of questions, but all of them obsolete or man forgot to add dependency
This tutorial is so easy, there weren't any additional classes and configurations, but it didn't help either: Baeldung Spring Security Thymeleaf Tutorial
My project on GitHub: CafeBarApplication, I haven't pushed new changes yet (if you've noticed some files missed, I'll add them)
There is my pom.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>sia</groupId>
<artifactId>CafeBarApplication</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>CafeBarApplication</name>
<description>Cafe Bar Example</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
<version>3.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Other dependencies here -->
</dependencies>
<!-- Build configuration here -->
</project>
Last, but not least: my HTML code:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
<title>Cafe Bar</title>
</head>
<body>
<h3 th:text="'Welcome' + (${fullname} ? ', ' + ${fullname} + '!' : '')" />
<img th:src="@{/images/cafeIcon.png}" />
<!-- TODO think about placing in header -->
<form method="POST" th:action="@{/logout}">
<input type="submit" value="Logout" />
</form>
<div sec:authorize="!isAuthenticated()">
This content is only shown to unauthenticated users.
</div>
<div sec:authorize="isAuthenticated()">
This content is only shown to authenticated users.
</div>
<div sec:authorize="hasRole('ROLE_ADMIN')">
This content is only shown to administrators.
</div>
<div sec:authorize="hasRole('ROLE_USER')">
This content is only shown to users.
</div>
</body>
</html>
Actual result (I've logged in as USER, but every div is displayed):
英文:
I have a problem: when I implemented thymeleaf security, added dependency, I noticed that sec:authorize tag isn't even working!
I've browsed a lot of questions, but all of them obsolete or man forgot to add dependency
This tutorial is so easy, there weren't any additional classes and configurations, but it didn't help either: https://www.baeldung.com/spring-security-thymeleaf
My project on github: https://github.com/sedub01/CafeBarApplication, I haven't push new changes yet (if you'd noticed some files missed, I'll add them)
There is my pom.xml file
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>sia</groupId>
<artifactId>CafeBarApplication</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>CafeBarApplication</name>
<description>Cafe Bar Example</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
<version>3.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-validation -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
<version>3.1.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-jpa -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
<version>3.1.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>3.1.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-oauth2-client -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
Last, but not least: my html code:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
<title>Cafe Bar</title>
</head>
<body>
<h3 th:text="'Welcome' + (${fullname} ? ', ' + ${fullname} + '!' : '')" />
<img th:src="@{/images/cafeIcon.png}" />
<!-- TODO think about placing in header -->
<form method="POST" th:action="@{/logout}">
<input type="submit" value="Logout" />
</form>
<div sec:authorize="!isAuthenticated()">
This content is only shown to unauthenticated users.
</div>
<div sec:authorize="isAuthenticated()">
This content is only shown to authenticated users.
</div>
<div sec:authorize="hasRole('ROLE_ADMIN')">
This content is only shown to administrators.
</div>
<div sec:authorize="hasRole('ROLE_USER')">
This content is only shown to users.
</div>
</body>
</html>
Actual result (I've logined as USER, but every div is displayed):
答案1
得分: 1
由于您正在使用 spring-boot 版本 3.1.0,该版本使用了 spring 6.0.9 版本。但您使用的库 thymeleaf-extras-springsecurity5 使用的是 spring 版本 5.x,因此它不会按预期工作。
请改用 thymeleaf-extras-springsecurity6 库。
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity6</artifactId>
<version>3.1.0.RELEASE</version>
</dependency>
英文:
As you using spring-boot version 3.1.0 which uses spring 6.0.9 version. But the library you have used thymeleaf-extras-springsecurity5 is using spring version 5.x so it will not work as expected.
Use the thymeleaf-extras-springsecurity6 library instead.
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity6</artifactId>
<version>3.1.0.RELEASE</version>
</dependency>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论