Spring Security + Thymeleaf-如果未通过身份验证,则向用户隐藏特定数据

时间:2019-01-31 08:42:16

标签: java spring-boot spring-security thymeleaf

我认为Thymeleaf不知道用户何时登录,我已经从经过认证的用户中隐藏了两个<a>标签,但仍然显示

  

pom.xml:

    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        <version>3.0.4.RELEASE</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
  

这是解决问题的代码-隐藏用户的两个锚标记   通过身份验证的人:

<html lang="en" xmlns:th="http://www.thymeleaf.org"
                xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
...
...

<div sec:authorize="isAnonymous()">
    <a th:href="@{/login}">Log in</a>
    <br>
    <a th:href="@{/register}">Register</a>
</div>

<br>

<a th:href="@{/recipeList}">List Page</a>

即使登录后,我仍然看到“登录”和“注册”标签

  

这是配置,如果有用的话:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public DataSource dataSource;

    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Bean
    public JdbcUserDetailsManager jdbcUserDetailsManager() throws Exception{
        JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();
        jdbcUserDetailsManager.setDataSource(dataSource);
        return jdbcUserDetailsManager;
    }

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception{
        auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                    .antMatchers("/", "/home").permitAll()
                    .antMatchers("/register").permitAll()
                    .antMatchers("/recipeList").permitAll()
                    .antMatchers("/foodDescription/**").permitAll()
                    .antMatchers("/addNew/**").hasAnyRole("ADMIN","USER")
                    .antMatchers("/delete/**").hasRole("ADMIN")
                    .antMatchers("/edit/**").hasRole("ADMIN")
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .defaultSuccessUrl("/")
                    .permitAll()
                    .and()
                .logout()
                    .logoutSuccessUrl("/").permitAll();
        http.csrf().disable();
    }
}

我的猜测是Thymeleaf不知道用户何时登录,如果我的代码中需要其他任何类,我将对其进行编辑。现在一直被困在这个地方。

1 个答案:

答案 0 :(得分:0)

我假设您正在使用Spring Boot 2.1.x

然后您必须使用版本5:

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
相关问题
最新问题