我一直在尝试使用百里香的安全标签,但我无法使其正常工作。 这是我的安全等级:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private Environment env;
@Autowired
private UserSecurityService userSecurityService;
private BCryptPasswordEncoder passwordEncoder() {
return SecurityUtility.passwordEncoder();
}
private static final String[] PUBLIC_MATCHERS = { "/css/**", "/js/**", "/image/**", "/", "/myAccount" };
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().
antMatchers(PUBLIC_MATCHERS).permitAll().anyRequest().authenticated();
http.csrf().disable().cors().disable().formLogin().failureUrl("/login?error").defaultSuccessUrl("/")
.loginPage("/login").permitAll().and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/?logout")
.deleteCookies("remember-me").permitAll().and().rememberMe();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
}
}
Pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
</dependencies>
Index.html
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<ul class="navbar-nav navbar-right">
<li class="nav-item"><a class="nav-link" href="#">Shopping
Cart</a></li>
<li class="nav-item"><a sec:authorize="isAnonymous()"
class="nav-link" th:href="@{/login}">My Account</a></li>
<li class="nav-item"><a sec:authorize="isAuthenticated()"
class="nav-link" th:href="@{/myProfile}">My Account</a></li>
<li class="nav-item"><a class="nav-link"
sec:authorize="isAuthenticated()" href="@{/logout}">Logout</a></li>
</ul>
我的问题是,两个名为“我的帐户”的导航项都显示在页面上,我猜标记sec:authorize无法识别或类似的标记,或者我显然做错了什么:(我需要吗做其他配置吗?我使用的是Spring Boot 2,我尝试以不同的方式解决此问题,从更改thymeleaf-extras-springsecurity4的版本到在Spring上下文中添加bean,但仍无法正常工作:((
答案 0 :(得分:0)
在spring boot自动配置中,SpringSecurityDialect的实例未自动配置。因此,您有此问题。尝试像下面那样添加SpringSecurityDialect的bean,我希望它会起作用。
@Bean
public SpringSecurityDialect securityDialect() {
return new SpringSecurityDialect();
}