I've tried several variations of the following with no luck:
<th:block th:if="${currentRole} != 'EMPLOYEE' OR 'MANAGER'}">
<a href="/login" th:href="@{/login}" class="btn-login">Log In</a>
</th:block>
I'm trying to simply show a login button if the value ${currentRole}
is neither EMPLOYEE
nor MANAGER
. The thing is, if I set the if condition to one of either ${currentRole} != 'EMPLOYEE'
or ${currentRole} != 'MANAGER'
it works perfectly fine. Why doesn't it work when I check for two conditions?
Stack trace:
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.thymeleaf.exceptions.TemplateInputException: An error happened during template parsing (template: "class path resource [templates/home.html]")
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:976)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:856)
javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:841)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
Try the following:
<th:block sec:authorize="!hasAnyRole('EMPLOYEE', 'MANAGER')">
<a href="/login" th:href="@{/login}" class="btn-login">Log In</a>
</th:block>
Assuming:
<!DOCTYPE html SYSTEM "http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-4.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
You didn't include the actual error in your stacktrace but I would expect it's something like java.lang.IllegalArgumentException: Invalid boolean value 'MANAGER'
Your expression doesn't make sense if you look at it this way: ${(currentRole != 'EMPLOYEE') OR 'MANAGER'}
. There are no shortcuts for comparing a string to two different strings the way you are trying to; you need to write an entire expression. Something like this for example:
<!-- Assuming you are trying to test if the role is not 'EMPLOYEE' or 'MANAGER' -->
<th:block th:if="${currentRole != 'EMPLOYEE' AND currentRole != 'MANAGER'}">
<a href="/login" th:href="@{/login}" class="btn-login">Log In</a>
</th:block>
Also, you don't need the <th:block />
. You can simplify it to something like this:
<a th:if="${currentRole != 'EMPLOYEE' AND currentRole != 'MANAGER'}" href="/login" th:href="@{/login}" class="btn-login">Log In</a>
I noticed no one actually answered your question. This is because Thymeleaf documentation is not the best. However, if I may, there are syntax errors in your code.
That said, your code:
<th:block th:if="${currentRole} != 'EMPLOYEE' OR 'MANAGER'}">
<a href="/login" th:href="@{/login}" class="btn-login">Log In</a>
</th:block>
will become:
<th:block th:if="${currentRole != 'EMPLOYEE' && currentRole != 'MANAGER'}">
<a href="/login" th:href="@{/login}" class="btn-login">Log In</a>
</th:block>
or could be:
<th:block th:if="${currentRole != 'EMPLOYEE' and currentRole != 'MANAGER'}">
<a href="/login" th:href="@{/login}" class="btn-login">Log In</a>
</th:block>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.