SpringBoot Thymeleaf安全授权

时间:2019-02-08 12:52:49

标签: thymeleaf

我对sec :: authorize遇到问题,它不起作用。我几乎尝试了一切。

这是我的项目中的示例:

 <div sec:authorize="isAuthenticated()">
      <form action="logmeout" th:action="@{/logmeout}" method="post" id="form1"></form>
        <button type="submit" form="form1" value="Submit">Wyloguj</button>
         </div>

        <div sec:authorize="isAnonymous()">
        <form action="logmeout" th:action="@{/logmeout}" method="post" id="form2"></form>
        <button type="submit" form="form2" value="Submit">Zaloguj</button>
         </div>

Sec:authorize始终为true,并且所有形式均可见。

我的pom文件:

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>

    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
     </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>



     <dependency>
    <groupId>nz.net.ultraq.thymeleaf</groupId>
    <artifactId>thymeleaf-layout-dialect</artifactId>
    </dependency>



   <dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity3</artifactId>
    <version>2.1.2.RELEASE</version>
</dependency>




<dependency>
  <groupId>com.opencsv</groupId>
  <artifactId>opencsv</artifactId>
  <version>4.4</version>
</dependency>

    </dependencies>

    <build>
    <finalName>springApp</finalName>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

和SecurityConfig:

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {





    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        return passwordEncoder;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
           String[] staticResources  =  {
                    "/css/**",
                    "/img/**",
                    "/fonts/**",
                    "/scripts/**",
                };

        http
        .authorizeRequests()
        .antMatchers(staticResources).permitAll()   
        .antMatchers("/").permitAll()
            .antMatchers("/register").permitAll()
             .anyRequest().authenticated()
        .and()
           .formLogin()
           .loginPage("/loginform")
               .permitAll()
           .loginProcessingUrl("/processlogin")
               .permitAll()
           .usernameParameter("user")
           .passwordParameter("pass")
           .and()
       .logout()
           .logoutUrl("/logmeout")
               .logoutSuccessUrl("/logoutservice")
               .permitAll();
    }

}

当我尝试添加时:

<div th:text="${#authentication.name}">

我看到评估SpringEL表达式“#authentication.name”的错误异常。 我该如何处理?

1 个答案:

答案 0 :(得分:1)

大多数情况与您的依赖项相关版本有关。我假设您的spring-boot version 2.1.X ,那么您应该使用以下依赖项:

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>

this这样的问题中也对此有所说明。