我尝试在我的视图中使用类似此代码段的内容,但无论用户的角色如何,内容始终都会显示。
<div sec:authorize="hasRole('ROLE_ADMIN')">
<!-- Some admin content -->
</div>
答案 0 :(得分:1)
将以下依赖项添加到build.gradle:
compile("org.springframework.boot:spring-boot-starter-security")
您还必须添加Spring Security配置,例如:
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin").password("admin").roles("ADMIN", "USER")
.and().withUser("user").password("user").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/index/**").permitAll()
.and().authorizeRequests().antMatchers("/login", "logout").permitAll()
.and().formLogin().loginPage("/login").defaultSuccessUrl("/").permitAll()
.and().logout()
.deleteCookies("remove")
.invalidateHttpSession(true)
.logoutUrl("/logout")
.logoutSuccessUrl("/logout-success")
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
}
}