如何在Spring Boot应用程序中包含Spring Security

Question

I am working of a spring boot application. 我正在使用Spring Boot应用程序。 After developing the application, we are now trying to include spring security in our application. 开发应用程序之后，我们现在尝试在应用程序中包含spring安全性。

I have included the following code: 我包含以下代码：

html code: html代码：

<li th:if="${#authorization.expression('!isAuthenticated()')}">
<a th:href="@{/login}" th:text="#{navbar.login.text}" />
                    </li>

Java code: Java代码：

package com.devopsbuddy.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {



    private static final String[] PUBLIC_MATCHERS = {
            "/webjars/**",
            "/css/**",
            "/js/**",
            "/images/**",
            "/",
            "/about/**",
            "/contact/**",
            "/error/**/*"           
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {



        http
                .authorizeRequests()
                .antMatchers(PUBLIC_MATCHERS).permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage("/login").defaultSuccessUrl("/payload")
                .failureUrl("/login?error").permitAll()
                .and()
                .logout().permitAll();
    }


    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("user").password("password")
            .roles("USER");
    }
}

when I try to hit the url: 当我尝试点击网址时：

http://localhost:8080/ HTTP：//本地主机：8080 /

I am getting the below error on screen: 我在屏幕上收到以下错误：

**36673 [http-nio-8080-exec-2] ERROR org.thymeleaf.TemplateEngine - [THYMELEAF][http-nio-8080-exec-2] Exception processing template "user/login": Exception evaluating SpringEL expression: "#authorization.expression('!isAuthenticated()')" (template: "common/navbar" - line 24, col 25)
org.thymeleaf.exceptions.TemplateProcessingException: Exception evaluating SpringEL expression: "#authorization.expression('!isAuthenticated()')" (template: "common/navbar" - line 24, col 25)
    at org.thymeleaf.spring5.expression.SPELVariableExpressionEvaluator.evaluate(SPELVariableExpressionEvaluator.java:290)
    at org.thymeleaf.standard.expression.VariableExpression.executeVariableExpression(VariableExpression.java:166)
    at org.thymeleaf.standard.expression.SimpleExpression.executeSimple(SimpleExpression.java:66)
    at org.thymeleaf.standard.expression.Expression.execute(Expression.java:109)
    at org.thymeleaf.standard.expression.Expression.execute(Expression.java:138)
    at org.thymeleaf.standard.expression.Expression.execute(Expression.java:125)
...
...

Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1011E: Method call: Attempted to call method expression(java.lang.String) on null context object
    at org.springframework.expression.spel.ast.MethodReference.throwIfNotNullSafe(MethodReference.java:153)
    at org.springframework.expression.spel.ast.MethodReference.getValueRef(MethodReference.java:82)
    at org.springframework.expression.spel.ast.CompoundExpression.getValueRef(CompoundExpression.java:67)
    at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:88)
    at org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:111)
    at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:328)
    at org.thymeleaf.spring5.expression.SPELVariableExpressionEvaluator.evaluate(SPELVariableExpressionEvaluator.java:263)
    ... 102 common frames omitted

36673 [http-nio-8080-exec-2] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.thymeleaf.exceptions.TemplateProcessingException: Exception evaluating SpringEL expression: "#authorization.expression('!isAuthenticated()')" (template: "common/navbar" - line 24, col 25)] with root cause
org.springframework.expression.spel.SpelEvaluationException: EL1011E: Method call: Attempted to call method expression(java.lang.String) on null context object
    at org.springframework.expression.spel.ast.MethodReference.throwIfNotNullSafe(MethodReference.java:153)
    at org.springframework.expression.spel.ast.MethodReference.getValueRef(MethodReference.java:82)
    at org.springframework.expression.spel.ast.CompoundExpression.getValueRef(CompoundExpression.java:67)**

pom.xml 的pom.xml

<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>


<dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
            <version>2.1.2.RELEASE</version>
        </dependency>

I am new to Thymeleaf and Spring security. 我是Thymeleaf和Spring安全的新手。 So not sure why the Spring security is failing. 因此，不确定Spring安全性为何会失败。

If i comment the line with authorization.expression(), it works. 如果我用authorization.expression（）注释行，则可以正常工作。

I have shared the code at https://github.com/azaveri7/devopsbuddy in branch security. 我已经在分支机构安全性的https://github.com/azaveri7/devopsbuddy上共享了代码。

Please advise. 请指教。

Answer 1

please consider this as a suggestion, not an answer. 请将此视为建议而非答案。 previously I also went through this but hard to figure it out. 以前我也经历过，但很难弄清楚。 then I decided to go through spring's automatic configurations. 然后我决定通过spring的自动配置。 I only used this library - 我只用了这个库-

       <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-security</artifactId>
       </dependency>

and then spring provided the login URL, login page, logout URL etc.. I only wrote the userdetailsService. 然后spring提供了登录URL，登录页面，注销URL等。我只写了userdetailsService。 and in my case, I also wrote a custom filter also. 就我而言，我还编写了一个自定义过滤器。

Answer 2

I have the below to check if user is not logged-in or not 我在下面检查用户是否未登录

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">

.... ....

    <span sec:authorize="not isAuthenticated()">
         You are not logged in - click <a th:href="@{/login}">login</a>
    </span>
...

Answer 3

The spring security is 5.0.9 in your pom that extend the spring-boot-starter-parent 2.0.6 您的pom中的spring安全性是5.0.9，可扩展spring-boot-starter-parent 2.0.6

BUT thymeleaf-extras-springsecurity4 is still spring security 4, so you need to upgrade the thymeleaf-extras to 但是thymeleaf-extras-springsecurity4仍然是spring security 4，因此您需要将thymeleaf-extras升级到

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity5</artifactId>
    <version>3.0.4.RELEASE</version>
</dependency>

如何在Spring Boot应用程序中包含Spring Security

问题描述

3 个解决方案

解决方案1
0 2018-12-07 05:38:20

解决方案2
0 2018-12-07 06:00:37

解决方案3
0 2018-12-08 03:47:52

如何在Spring Boot应用程序中包含Spring Security

问题描述

3 个解决方案

解决方案1 0 2018-12-07 05:38:20

解决方案2 0 2018-12-07 06:00:37

解决方案3 0 2018-12-08 03:47:52

解决方案1
0 2018-12-07 05:38:20

解决方案2
0 2018-12-07 06:00:37

解决方案3
0 2018-12-08 03:47:52