Thymeleaf Security不适用于Spring Boot 1.3.5
[英]Thymeleaf Security does not work with Spring Boot 1.3.5
问题描述
I am trying to get my web Application to work again with the new Spring Boot version 1.3.5, but the thymeleaf dialect does not seem to work any longer. 
我正在尝试使我的Web应用程序再次与新的Spring Boot版本1.3.5一起使用,但是百里香方言似乎不再起作用。
I added 我加了
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
to my .pom and even registered a bean in my security configuration: 到我的.pom甚至在我的安全配置中注册了一个bean:
@Bean
public SpringSecurityDialect springSecurityDialect(){
SpringSecurityDialect dialect = new SpringSecurityDialect();
return dialect;
}
(although I would assume spring boot would do that for me anyway). (尽管我认为弹簧靴无论如何都会帮我做到这一点)。 Wen using expressions like, eg 温使用诸如
<li sec:authorize="hasRole('SITE_ADMIN') || hasRole('TENANT_ADMIN')">Admin
</li>
the expression will not be rendered, as the role seems to be null although I can inject my custom User element into the controller: 尽管我可以将自定义User元素注入控制器,但是该角色将显示为空,因此该角色将不会呈现:
@RequestMapping(value="/", method=RequestMethod.GET)
public String homePage(@AuthenticationPrincipal VZUser user, Model model){
model.addAttribute("email", user.getEmail());
return "home/index";
}
From debugging, I see the Principal object injected is not null, but the template does not seem to be able to parse the sec: objects. 从调试中,我看到注入的Principal对象不是null,但是模板似乎无法解析sec:对象。 I deleted the xmlns namespace and reinserted it without effect. 我删除了xmlns名称空间,然后重新插入它而没有任何效果。 And the documentation on this feature is quite frankly appalling. 坦率地说,有关此功能的文档令人震惊。 Anything I miss? 我想念什么吗?
Oh yeah. 哦耶。 The same code (without the new dependency and with the namespace declaration in the xhtml template) worked in Spring Boot 1.3.2... 在Spring Boot 1.3.2中可以使用相同的代码(没有新的依赖项并且在xhtml模板中具有名称空间声明)...
UPDATE 更新
I think it has to do with the fact that I use a custom UserDetailsService. 我认为这与我使用自定义UserDetailsService的事实有关。 I have no problems with the in memory service. 我的内存服务没有问题。 however, My custom User implementation just has the following: 但是,我的自定义用户实现仅具有以下内容:
@Override
public Collection<? extends GrantedAuthority> getAuthorities(){
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for(VZUserRoles role: roles){
authorities.add(new SimpleGrantedAuthority(role.name()));
}
return authorities;
}
I define an elementary UserDetails Service and put it int the AuthenticationMAnagerBuilder. 我定义了一个基本的UserDetails服务,并将其放入AuthenticationMAnagerBuilder中。 Authentication works fine, it just does not seem to get passed along to the view. 身份验证工作正常,但似乎并没有传递给视图。
2 个解决方案
解决方案1
3 2016-06-23 19:54:34
Indeed, you don't need to define the SpringSecurityDialect bean, it's done for you by the Spring Boot auto-configuration. 确实,您不需要定义SpringSecurityDialect bean,它是通过Spring Boot自动配置为您完成的。
I don't see anything wrong in your example here and I've tried to reproduce the issue without success. 我在这里的示例中没有看到任何错误,并且我尝试重现该问题,但未成功。
With the following dependencies: 具有以下依赖性:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
A simple Controller: 一个简单的控制器:
@Controller
public class HomeController {
@RequestMapping("/")
public String home() {
return "index";
}
}
A custom security configuration: 定制安全性配置:
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("brian").password("password").roles("USER");
}
}
An index.html template: index.html模板:
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
<meta charset="utf-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
</head>
<body>
<h2>Thymleaf example</h2>
<p sec:authorize="hasRole('ROLE_USER')">
Authenticated
</p>
<p th:text="${#authentication.principal.username}">the_username</p>
</body>
</html>
Everything works as expected. 一切正常。
Feel free to create an issue once you have a minimal repro project . 一旦有了最小的repro项目,就可以随意创建问题 。
解决方案2
1 已采纳 2016-06-25 06:23:47
I found a workaround, which supposingly has to do with the way Spring Security 4 handles roles. 我找到了一种解决方法,该方法可能与Spring Security 4处理角色的方式有关。
sec:authorize="hasAuthority('SITE_ADMIN')"
works just fine 效果很好
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.