Spring Security + Thymeleaf-如果未通过身份验证,则向用户隐藏特定数据
[英]Spring Security + Thymeleaf - hide specific data from user if not authenticated
问题描述
I Think Thymeleaf doesn't know when user is logged in , I have hidden two <a> tags from users who are authenticated but they still are displayed. 
我认为Thymeleaf不知道用户何时登录 ,我对已通过身份验证的用户隐藏了两个<a>标记,但它们仍然显示。
pom.xml :
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>3.0.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
Here's the code for problem - hidding two anchor tags from users who are authenticated :
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
...
...
<div sec:authorize="isAnonymous()">
<a th:href="@{/login}">Log in</a>
<br>
<a th:href="@{/register}">Register</a>
</div>
<br>
<a th:href="@{/recipeList}">List Page</a>
Even after I log in , I still see the "login" and "register" tags 即使登录后,我仍然看到“登录”和“注册”标签
And here's the configuration, if its useful :
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public DataSource dataSource;
@Bean
PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Bean
public JdbcUserDetailsManager jdbcUserDetailsManager() throws Exception{
JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();
jdbcUserDetailsManager.setDataSource(dataSource);
return jdbcUserDetailsManager;
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception{
auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.antMatchers("/register").permitAll()
.antMatchers("/recipeList").permitAll()
.antMatchers("/foodDescription/**").permitAll()
.antMatchers("/addNew/**").hasAnyRole("ADMIN","USER")
.antMatchers("/delete/**").hasRole("ADMIN")
.antMatchers("/edit/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.defaultSuccessUrl("/")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/").permitAll();
http.csrf().disable();
}
}
My guess is that Thymeleaf doesn't know when user is logged in, if any other class is needed from my code, I'll edit it . 我的猜测是Thymeleaf不知道用户何时登录,如果我的代码中需要其他任何类,我将对其进行编辑。 Been stuck on this forever now. 现在一直被困在这个位置上。
1 个解决方案
解决方案1
0 已采纳 2019-01-31 11:37:12
I assume that you are using Spring Boot 2.1.x 我假设您正在使用Spring Boot 2.1.x
Then you have to use the version 5: 然后,您必须使用版本5:
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.