Question

我正在尝试使用Spring框架创建一个应用程序，到目前为止该功能运行良好，但是Spring安全性无法正常工作

我创建了这个html文件，但事实是，即使我以管理员或用户身份登录，它也不会显示任何内容

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
    <head th:fragment="head">
        <meta charset="UTF-8">
        <title th:text="${titulo}"></title>

        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css" integrity="sha384-GJzZqFGwb1QTTN6wy59ffF1BuGJpLSa9DkKMp0DgiMDm4iYMj70gZWKYbI706tWS" crossorigin="anonymous">
    </head>
    <body>

        <p>User Logged: </p><span sec:authentication="name"></span></li>

    </body>
</html>

这是我的springSecurityConfig.java

package com.bolsadeideasspringboot.app;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.User.UserBuilder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{


@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests()
    .antMatchers("/", "/css/**", "/js/**", "/img/**", "/listar").permitAll()
    .antMatchers("/ver/**").hasAnyRole("USER")
    .antMatchers("/uploads/**").hasAnyRole("USER")
    .antMatchers("/form/**").hasAnyRole("ADMIN")
    .antMatchers("/eliminar/**").hasAnyRole("ADMIN")
    .antMatchers("/factura/**").hasAnyRole("ADMIN").anyRequest().authenticated()
    .and()
    .formLogin().loginPage("/login")
    .permitAll()
    .and()
    .logout().permitAll();
}

@Autowired
public void configurerglobal(AuthenticationManagerBuilder build) throws Exception {

    //UserBuilder user = User.withDefaultPasswordEncoder();

    PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
    UserBuilder users = User.builder().passwordEncoder(encoder::encode);

    build.inMemoryAuthentication()
    .withUser(users.username("admin").password("pass").roles("ADMIN", "USER"))
    .withUser(users.username("user").password("user").roles("USER"));               
}

}

我不知道为什么不起作用，谢谢您的帮助。

Answer 1

由于@ArslanAnjum，他建议发表this帖子，我只需要将此部分添加到我的html文件中，现在spring安全性就可以正常工作了

<bean id="templateEngine" class="org.thymeleaf.spring3.SpringTemplateEngine">
    <property name="templateResolver" ref="templateResolver" />
    <property name="additionalDialects">
        <set>
            <bean class="org.thymeleaf.extras.springsecurity3.dialect.SpringSecurityDialect" />
        </set>
    </property>
</bean>

Answer 2

尝试使用@EnableWebSecurity注释类。那应该有帮助。

Thymleaf和Spring安全性无法正常运行

2 个答案: