相关疑难解决方法(0)

我在使用Spring Security && Thymeleaf时遇到问题,特别是在尝试使用hasRole表达式时.'admin'用户有一个'ADMIN'角色,但hasRole('ADMIN')无论如何我会尝试将其解析为false

我的HTML:

1.<div sec:authentication="name"></div> <!-- works fine -->
2.<div sec:authentication="principal.authorities"></div> <!-- works fine -->

3.<div  sec:authorize="isAuthenticated()" >true</div> <!-- works fine -->
4.<span th:text="${#authorization.expression('isAuthenticated()')}"></span> <!-- works fine -->

5.<div th:text="${#vars.role_admin}"></div> <!--Works fine -->
6.<div  sec:authorize="${hasRole('ADMIN')}" > IS ADMIN </div> <!-- Doesnt work -->
7.<div  sec:authorize="${hasRole(#vars.role_admin)}" > IS ADMIN </div> <!-- Doesnt work -->
8.<div th:text="${#authorization.expression('hasRole(''ADMIN'')')} "></div> <!-- Doesnt work -->
9.<div th:text="${#authorization.expression('hasRole(#vars.role_admin)')}"></div> <!-- Doesnt work -->

结果是:

1.admin
2.[ADMIN]
3.true
4.true
5.ADMIN
6."prints nothing …

我有一个Spring + Thymeleaf项目,其中包含以下视图代码.

<!DOCTYPE html SYSTEM "http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring3-3.dtd">
<html
        xmlns="http://www.w3.org/1999/xhtml"
        xmlns:th="http://www.thymeleaf.org"
        xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">

<head>
    <title>Contacts</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>
<body>
<div id="content">
    <h1>Welcome to the site!</h1>
    <p th:if="${loginError}">Wrong user or password</p>
    <form th:action="@{/j_spring_security_check}" method="post">
        <label for="j_username">Email address</label>:
        <input type="text" id="j_username" name="j_username"/> <br/>
        <label for="j_password">Password</label>:
        <input type="password" id="j_password" name="j_password"/> <br/>
        <input type="submit" value="Log in"/>
    </form>
</div>

<div sec:authorize="isAuthenticated()">
    User: <span sec:authentication="name">miquel</span>
</div>
</body>
</html>

sec:authorize和sec:身份验证属性不能按预期工作 - 即使没有用户登录,也始终显示div,并且span始终显示为"miquel".

跟随我的控制器类的相关片段.

@RequestMapping(value = "/welcome.html") 
public String wellcome() { 
    Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 
    System.out.println("username: " + …

我使用spring-boot 1.2.5 + thymeleaf + spring security来应用我的应用程序.

我需要在我的网站上显示用户名,经过一些研究似乎我应该使用类似的代码:

<div sec:authentication="name">The value of the "name" property of
        the authentication object should appear here.</div>

但是我没有让Thymeleaf解析那个标签.我需要一些帮助:(