通过身份验证或匿名访问,不显示thymeleaf安全标记

时间:2017-02-09 20:06:32

标签: spring spring-mvc spring-security thymeleaf

在我目前的春季项目中,我有一个使用此代码的视图:

      <ul class="nav navbar-nav navbar-right" sec:authorize="isAnonymous()">
        <li><a th:href="@{/signin}" th:utext="#{signin}"></a></li>
        <li><a th:href="@{/signup}" th:utext="#{signup}"></a></li>
     </ul>
     <ul class="nav navbar-nav navbar-right" sec:authorize="isAuthenticated()">
        <li><a th:href="@{/cart}"><span class="glyphicon glyphicon-shopping-cart" aria-hidden="true"></span></a></li>
        <li sec:authorize="hasPermission(#user, 'admin')"><a th:href="@{/admin}"><span class="glyphicon glyphicon-cog" aria-hidden="true"></span></a></li>
        <li class="dropdown">
            <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><span sec:authentication="name">Teste</span> <span class="caret"></span></a>
            <ul class="dropdown-menu">
                <li><a href="#"><span class="glyphicon glyphicon-user" aria-hidden="true"></span><span th:utext="#{myaccount}"></span></a></li>
                <li><a href="#"><span class="glyphicon glyphicon-heart" aria-hidden="true"></span><span th:utext="#{mywishlist}"></span></a></li>
                <li><a href="#"><span class="glyphicon glyphicon-briefcase" aria-hidden="true"></span><span th:utext="#{myorders}"></span></a></li>
            </ul>
        </li>
        <li><a th:href="@{/logout}"><span class="glyphicon glyphicon-off" aria-hidden="true"></span></a></li>
      </ul>

当我在浏览器中打开页面时,不会显示任何内容,标记为sec:authorize="isAnonymous()"的标记或标有sec:authorize="isAuthenticated()"的标记。

我的配置是:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:p="http://www.springframework.org/schema/p"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:security="http://www.springframework.org/schema/security"
        xmlns:mvc="http://www.springframework.org/schema/mvc"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">  
    <security:http pattern="/" security="none"></security:http>

    <security:http pattern="/css/**" security="none"></security:http>

    <security:http pattern="/img/**" security="none"></security:http>

    <security:http pattern="/js/**" security="none"></security:http>

    <security:http use-expressions="true">
        <security:form-login login-page="/signin"
            login-processing-url="/login" username-parameter="login"
            password-parameter="senha" />
        <security:logout logout-url="/logout"
            delete-cookies='JSESSIONID' logout-success-url="/" />
        <security:remember-me key="remember-me"
            remember-me-parameter="remember-me" remember-me-cookie="remember-me" /><security:csrf
            disabled="true" />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userDetailsService">
            <security:password-encoder ref="passwordEncoder"></security:password-encoder>
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource" ref="dataSource"></property>
        <property name="usersByUsernameQuery" value="select login, senha, enabled from usuario where login = ?"></property>
        <property name="authoritiesByUsernameQuery" value="SELECT t1.username, t2.authority FROM (SELECT u.login as username, c.nome as credencial FROM usuario u, usuario_credencial uc, credencial c WHERE u.id = uc.usuario_id and c.id = uc.credenciais_id) as t1 INNER JOIN (SELECT c.nome as credencial, a.nome as authority FROM credencial c, credencial_autorizacao ca, autorizacao a WHERE c.id = ca.credencial_id and a.id = ca.autorizacoes_id) as t2 ON t1.credencial = t2.credencial WHERE t1.username = ?;"></property>
    </bean>

    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <constructor-arg name="strength" value="4"></constructor-arg></bean>
    <bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
        <property name="permissionEvaluator" ref="permissionEvaluator"></property></bean>
    <bean id="permissionEvaluator" class="org.kleber.MyPermissionEvaluator"></bean>
</beans>

有人可以暗示这里的问题是什么吗?

ps:这是我的pom.xml关于百万美元的依赖关系:

<dependency>
    <groupId>org.thymeleaf</groupId>
    <artifactId>thymeleaf</artifactId>
    <version>2.1.5.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.thymeleaf</groupId>
    <artifactId>thymeleaf-spring4</artifactId>
    <version>2.1.5.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    <version>2.1.3.RELEASE</version>
</dependency>

1 个答案:

答案 0 :(得分:1)

我终于自己解决了这个问题。这里的问题是我在XML配置文件中的这一行:

<security:http pattern="/" security="none"></security:http>

删除后,两个条件都开始正常工作。看起来像这一行,安全上下文完全停止在这个网页上工作。

相关问题
最新问题