是否可以使用 spring 安全性在 html 页面上隐藏按钮等？

Question

Currently i am using spring security where i have admin login and employee login. The thing is when i am logged in as a employee, i want to hide a button which redirects to admin homepage. Can i somehow make it hidden or unclickable when logged in as a employee? Furthermore there it is also in showCustomer.html where the admin can delete and edit a booking. To sum up; Can i hide html elements when i am logged in as a employee?

code:

protected void configure (HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.authorizeRequests()
                .antMatchers("/admin", "/opretBooking", "/showCustomer", "/editCustomer", "/sletBooking", "/medarbejder").hasRole("ADMIN")
                .antMatchers("/user", "/showCustomer", "/medarbejder").hasRole("USER")
                .antMatchers("/**").permitAll()
                .and().formLogin().loginPage("/login").and().logout().permitAll();

Answer 1

If you are using JSP, you can wrap the html in a spring security tag like

<sec:authorize access="isAuthenticated()">
   <!-- Content for Authenticated users -->  
</sec:authorize>

or Thymleaf

<div sec:authorize="hasRole('ADMIN')">
    This content is only shown to administrators.
</div>

If you're using Angular, you can store a boolean value in a cookie that signifies that the user is logged in. Then you would created a directive that hides the html element based on with that the user is logged in or not.

Answer 2

You can use in Html using JSTL

<sec:authorize access="isAnonymous()">
        <c:redirect url="/login"/>
</sec:authorize>

<sec:authorize access="hasAnyAuthority('ADMIN')">
        <button class="btn btn-info" type="submit">Submit</button>
</sec:authorize>