(closed) Thymeleaf Security (sec:authorize tag) doesn’t work in Spring

huangapple go评论91阅读模式
英文:

(closed) Thymeleaf Security (sec:authorize tag) doesn't work in Spring

问题

I have a problem: when I implemented thymeleaf security, added dependency, I noticed that sec:authorize tag isn't even working!
I've browsed a lot of questions, but all of them obsolete or man forgot to add dependency
This tutorial is so easy, there weren't any additional classes and configurations, but it didn't help either: Baeldung Spring Security Thymeleaf Tutorial

My project on GitHub: CafeBarApplication, I haven't pushed new changes yet (if you've noticed some files missed, I'll add them)
There is my pom.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>3.1.0</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>
	<groupId>sia</groupId>
	<artifactId>CafeBarApplication</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>CafeBarApplication</name>
	<description>Cafe Bar Example</description>
	<properties>
		<java.version>17</java.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		</dependency>
		<dependency>
			<groupId>org.thymeleaf.extras</groupId>
			<artifactId>thymeleaf-extras-springsecurity5</artifactId>
			<version>3.1.0.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<!-- Other dependencies here -->
	</dependencies>
	<!-- Build configuration here -->
</project>

Last, but not least: my HTML code:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
    xmlns:sec="http://www.thymeleaf.org/extras/spring-security">

<head>
    <title>Cafe Bar</title>
</head>

<body>
    <h3 th:text="'Welcome' + (${fullname} ? ', ' + ${fullname} + '!' : '')" />
    <img th:src="@{/images/cafeIcon.png}" />
    <!-- TODO think about placing in header -->
    <form method="POST" th:action="@{/logout}">
        <input type="submit" value="Logout" />
    </form>
    <div sec:authorize="!isAuthenticated()">
        This content is only shown to unauthenticated users.
    </div>
    <div sec:authorize="isAuthenticated()">
        This content is only shown to authenticated users.
    </div>
    <div sec:authorize="hasRole('ROLE_ADMIN')">
        This content is only shown to administrators.
    </div>
    <div sec:authorize="hasRole('ROLE_USER')">
        This content is only shown to users.
    </div>
</body>

</html>

Actual result (I've logged in as USER, but every div is displayed):
(closed) Thymeleaf Security (sec:authorize tag) doesn’t work in Spring

英文:

I have a problem: when I implemented thymeleaf security, added dependency, I noticed that sec:authorize tag isn't even working!
I've browsed a lot of questions, but all of them obsolete or man forgot to add dependency
This tutorial is so easy, there weren't any additional classes and configurations, but it didn't help either: https://www.baeldung.com/spring-security-thymeleaf

My project on github: https://github.com/sedub01/CafeBarApplication, I haven't push new changes yet (if you'd noticed some files missed, I'll add them)
There is my pom.xml file

&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;project xmlns=&quot;http://maven.apache.org/POM/4.0.0&quot; xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
	xsi:schemaLocation=&quot;http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd&quot;&gt;
	&lt;modelVersion&gt;4.0.0&lt;/modelVersion&gt;
	&lt;parent&gt;
		&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
		&lt;artifactId&gt;spring-boot-starter-parent&lt;/artifactId&gt;
		&lt;version&gt;3.1.0&lt;/version&gt;
		&lt;relativePath/&gt; &lt;!-- lookup parent from repository --&gt;
	&lt;/parent&gt;
	&lt;groupId&gt;sia&lt;/groupId&gt;
	&lt;artifactId&gt;CafeBarApplication&lt;/artifactId&gt;
	&lt;version&gt;0.0.1-SNAPSHOT&lt;/version&gt;
	&lt;name&gt;CafeBarApplication&lt;/name&gt;
	&lt;description&gt;Cafe Bar Example&lt;/description&gt;
	&lt;properties&gt;
		&lt;java.version&gt;17&lt;/java.version&gt;
	&lt;/properties&gt;
	&lt;dependencies&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
			&lt;artifactId&gt;spring-boot-starter-thymeleaf&lt;/artifactId&gt;
		&lt;/dependency&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.thymeleaf.extras&lt;/groupId&gt;
			&lt;artifactId&gt;thymeleaf-extras-springsecurity5&lt;/artifactId&gt;
			&lt;version&gt;3.1.0.RELEASE&lt;/version&gt;
		&lt;/dependency&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
			&lt;artifactId&gt;spring-boot-starter-web&lt;/artifactId&gt;
		&lt;/dependency&gt;

		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
			&lt;artifactId&gt;spring-boot-devtools&lt;/artifactId&gt;
			&lt;scope&gt;runtime&lt;/scope&gt;
			&lt;optional&gt;true&lt;/optional&gt;
		&lt;/dependency&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
			&lt;artifactId&gt;spring-boot-configuration-processor&lt;/artifactId&gt;
			&lt;optional&gt;true&lt;/optional&gt;
		&lt;/dependency&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.projectlombok&lt;/groupId&gt;
			&lt;artifactId&gt;lombok&lt;/artifactId&gt;
			&lt;optional&gt;true&lt;/optional&gt;
		&lt;/dependency&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
			&lt;artifactId&gt;spring-boot-starter-test&lt;/artifactId&gt;
			&lt;scope&gt;test&lt;/scope&gt;
		&lt;/dependency&gt;
		&lt;!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-validation --&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
			&lt;artifactId&gt;spring-boot-starter-validation&lt;/artifactId&gt;
			&lt;version&gt;3.1.0&lt;/version&gt;
		&lt;/dependency&gt;
		&lt;!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-jpa --&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
			&lt;artifactId&gt;spring-boot-starter-data-jpa&lt;/artifactId&gt;
			&lt;version&gt;3.1.0&lt;/version&gt;
		&lt;/dependency&gt;
		&lt;!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security --&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
			&lt;artifactId&gt;spring-boot-starter-security&lt;/artifactId&gt;
			&lt;version&gt;3.1.0&lt;/version&gt;
		&lt;/dependency&gt;
		&lt;!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-oauth2-client --&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
			&lt;artifactId&gt;spring-boot-starter-oauth2-client&lt;/artifactId&gt;
			&lt;version&gt;3.1.0&lt;/version&gt;
		&lt;/dependency&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.postgresql&lt;/groupId&gt;
			&lt;artifactId&gt;postgresql&lt;/artifactId&gt;
			&lt;scope&gt;runtime&lt;/scope&gt;
		&lt;/dependency&gt;
		&lt;dependency&gt;
			&lt;groupId&gt;org.springframework.security&lt;/groupId&gt;
			&lt;artifactId&gt;spring-security-test&lt;/artifactId&gt;
			&lt;scope&gt;test&lt;/scope&gt;
		&lt;/dependency&gt;
	&lt;/dependencies&gt;

	&lt;build&gt;
		&lt;plugins&gt;
			&lt;plugin&gt;
				&lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
				&lt;artifactId&gt;spring-boot-maven-plugin&lt;/artifactId&gt;
				&lt;configuration&gt;
					&lt;excludes&gt;
						&lt;exclude&gt;
							&lt;groupId&gt;org.projectlombok&lt;/groupId&gt;
							&lt;artifactId&gt;lombok&lt;/artifactId&gt;
						&lt;/exclude&gt;
					&lt;/excludes&gt;
				&lt;/configuration&gt;
			&lt;/plugin&gt;
		&lt;/plugins&gt;
	&lt;/build&gt;

&lt;/project&gt;

Last, but not least: my html code:

&lt;!DOCTYPE html&gt;
&lt;html xmlns=&quot;http://www.w3.org/1999/xhtml&quot; xmlns:th=&quot;http://www.thymeleaf.org&quot;
    xmlns:sec=&quot;http://www.thymeleaf.org/extras/spring-security&quot;&gt;

&lt;head&gt;
    &lt;title&gt;Cafe Bar&lt;/title&gt;
&lt;/head&gt;

&lt;body&gt;
    &lt;h3 th:text=&quot;&#39;Welcome&#39; + (${fullname} ? &#39;, &#39; + ${fullname} + &#39;!&#39; : &#39;&#39;)&quot; /&gt;
    &lt;img th:src=&quot;@{/images/cafeIcon.png}&quot; /&gt;
    &lt;!-- TODO think about placing in header --&gt;
    &lt;form method=&quot;POST&quot; th:action=&quot;@{/logout}&quot;&gt;
        &lt;input type=&quot;submit&quot; value=&quot;Logout&quot; /&gt;
    &lt;/form&gt;
    &lt;div sec:authorize=&quot;!isAuthenticated()&quot;&gt;
        This content is only shown to unauthenticated users.
    &lt;/div&gt;
    &lt;div sec:authorize=&quot;isAuthenticated()&quot;&gt;
        This content is only shown to authenticated users.
    &lt;/div&gt;
    &lt;div sec:authorize=&quot;hasRole(&#39;ROLE_ADMIN&#39;)&quot;&gt;
        This content is only shown to administrators.
    &lt;/div&gt;
    &lt;div sec:authorize=&quot;hasRole(&#39;ROLE_USER&#39;)&quot;&gt;
        This content is only shown to users.
    &lt;/div&gt;
&lt;/body&gt;

&lt;/html&gt;

Actual result (I've logined as USER, but every div is displayed):
(closed) Thymeleaf Security (sec:authorize tag) doesn’t work in Spring

答案1

得分: 1

由于您正在使用 spring-boot 版本 3.1.0,该版本使用了 spring 6.0.9 版本。但您使用的库 thymeleaf-extras-springsecurity5 使用的是 spring 版本 5.x,因此它不会按预期工作。

请改用 thymeleaf-extras-springsecurity6 库。

&lt;dependency&gt;
  &lt;groupId&gt;org.thymeleaf.extras&lt;/groupId&gt;
  &lt;artifactId&gt;thymeleaf-extras-springsecurity6&lt;/artifactId&gt;
  &lt;version&gt;3.1.0.RELEASE&lt;/version&gt;
&lt;/dependency&gt;
英文:

As you using spring-boot version 3.1.0 which uses spring 6.0.9 version. But the library you have used thymeleaf-extras-springsecurity5 is using spring version 5.x so it will not work as expected.

Use the thymeleaf-extras-springsecurity6 library instead.

&lt;dependency&gt;
  &lt;groupId&gt;org.thymeleaf.extras&lt;/groupId&gt;
  &lt;artifactId&gt;thymeleaf-extras-springsecurity6&lt;/artifactId&gt;
  &lt;version&gt;3.1.0.RELEASE&lt;/version&gt;
&lt;/dependency&gt;

huangapple
  • 本文由 发表于 2023年7月31日 18:48:43
  • 转载请务必保留本文链接:https://go.coder-hub.com/76802888.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定