升级春天和百里香叶子破坏了我的授权

Question

我正在将我的Spring Boot应用程序从1.3.5升级到1.4.4(最终是1.5.x),我注意到我的Thymeleaf菜单项现在已经坏了.我是这样的:

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">

...
<ul class="nav pull-right">
  <li sec:authorize="${!isAuthenticated()}">
     <div>
          <span></span>
     </div>
  </li>
  <li sec:authorize="${isAuthenticated()}">
     <span th:inline="text">Logged in as [[${#httpServletRequest.remoteUser}]</span>
   </li>
</ul>

然后我做了以下更改

compile("org.springframework.boot:spring-boot-starter-thymeleaf")
compile('org.thymeleaf.extras:thymeleaf-extras-springsecurity4:2.1.2.RELEASE')

至

compile group: 'org.springframework.boot', name: 'spring-boot-starter-thymeleaf', version: '1.4.4.RELEASE'
compile group: 'org.thymeleaf.extras', name: 'thymeleaf-extras-springsecurity4', version: '3.0.2.RELEASE'
compile group: 'org.thymeleaf', name: 'thymeleaf-spring4', version: '3.0.9.RELEASE'

但是,正在显示授权元素,就好像绕过安全性一样.有没有改变,sec:authorize以同样的方式工作？我查看了Thymeleaf文档,但我没有看到它.我知道正在通过身份验证的用户具有适当的角色并经过身份验证.

更新:

为了它的价值,我尝试将bootstrap和jquery版本更新为:

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous"/>
    <script src="https://use.fontawesome.com/releases/v5.0.6/js/all.js"></script>
    <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>

并在我的HTML中有这个

xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"

但这仍然无法解决显示错误项目的问题.

Answer 1

尝试sec:authorize="isAuthenticated()"代替sec:authorize="${isAuthenticated()}"

Spring Boot 1.x 使用 thymeleaf 2，SB 2.x 使用 thymeleaf 3。

如果您想将 thymeleaf 3 与 SB 1.x 一起使用，您需要进行额外的配置： https: //github.com/spring-projects/spring-boot/issues/4393