>我一直在尝试使用Thymeleaf的安全标签,但我无法让它们工作。 这是我的安全类:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private Environment env;
@Autowired
private UserSecurityService userSecurityService;
private BCryptPasswordEncoder passwordEncoder() {
return SecurityUtility.passwordEncoder();
}
private static final String[] PUBLIC_MATCHERS = { "/css/**", "/js/**", "/image/**", "/", "/myAccount" };
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().
antMatchers(PUBLIC_MATCHERS).permitAll().anyRequest().authenticated();
http.csrf().disable().cors().disable().formLogin().failureUrl("/login?error").defaultSuccessUrl("/")
.loginPage("/login").permitAll().and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/?logout")
.deleteCookies("remember-me").permitAll().and().rememberMe();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
}
}
庞.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
</dependencies>
索引.html
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<ul class="navbar-nav navbar-right">
<li class="nav-item"><a class="nav-link" href="#">Shopping
Cart</a></li>
<li class="nav-item"><a sec:authorize="isAnonymous()"
class="nav-link" th:href="@{/login}">My Account</a></li>
<li class="nav-item"><a sec:authorize="isAuthenticated()"
class="nav-link" th:href="@{/myProfile}">My Account</a></li>
<li class="nav-item"><a class="nav-link"
sec:authorize="isAuthenticated()" href="@{/logout}">Logout</a></li>
</ul>
我的问题是名为"我的帐户"的两个导航项都显示在页面上,我猜标签 sec:authorize 没有得到识别或类似的东西,或者我显然做错了什么:( 我需要做任何其他配置吗?我正在使用 spring boot 2,我尝试以不同的方式解决这个问题,从更改 thymeleaf-extras-springsecurity4 的版本到在 spring 上下文中添加一个 bean,但它仍然不起作用:(
在 Spring 引导自动配置中,不会自动配置SpringSecurityDialect的实例。因此,您有这个问题。尝试添加如下所示的SpringSecurityDialect豆,我希望它会起作用。
@Bean
public SpringSecurityDialect securityDialect() {
return new SpringSecurityDialect();
}