Spring Security hasRole()无法正常工作

我在使用Spring Security &&

Thymeleaf时遇到问题,特别是在尝试使用hasRole表达式时。“ admin”用户的角色为“ ADMIN”,但hasRole('ADMIN')无论如何我都会解析为false

我的html:

1.<div sec:authentication="name"></div> <!-- works fine -->

2.<div sec:authentication="principal.authorities"></div> <!-- works fine -->

3.<div sec:authorize="isAuthenticated()" >true</div> <!-- works fine -->

4.<span th:text="${#authorization.expression('isAuthenticated()')}"></span> <!-- works fine -->

5.<div th:text="${#vars.role_admin}"></div> <!--Works fine -->

6.<div sec:authorize="${hasRole('ADMIN')}" > IS ADMIN </div> <!-- Doesnt work -->

7.<div sec:authorize="${hasRole(#vars.role_admin)}" > IS ADMIN </div> <!-- Doesnt work -->

8.<div th:text="${#authorization.expression('hasRole(''ADMIN'')')} "></div> <!-- Doesnt work -->

9.<div th:text="${#authorization.expression('hasRole(#vars.role_admin)')}"></div> <!-- Doesnt work -->

结果是:

1.admin

2.[ADMIN]

3.true

4.true

5.ADMIN

6."prints nothing because hasRole('ADMIN') resolves to false"

7."prints nothing because hasRole(#vars.role_admin) resolves to false"

8.false

9.false

我在security.xml文件中启用了 use-expressions

<security:http auto-config="true" use-expressions="true">

并且在我的配置中还包含了SpringSecurityDialect

<bean id="templateEngine"

class="org.thymeleaf.spring4.SpringTemplateEngine">

<property name="templateResolver" ref="templateResolver" />

<property name="additionalDialects">

<set>

<bean class="org.thymeleaf.extras.springsecurity4.dialect.SpringSecurityDialect" />

</set>

</property>

</bean>

我的pom.xml文件中的所有必需依赖项

<!--Spring security--> 

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-core</artifactId>

<version>4.0.1.RELEASE</version>

</dependency>

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-web</artifactId>

<version>4.0.1.RELEASE</version>

</dependency>

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-config</artifactId>

<version>4.0.1.RELEASE</version>

</dependency>

<!--Thymeleaf Spring Security-->

<dependency>

<groupId>org.thymeleaf.extras</groupId>

<artifactId>thymeleaf-extras-springsecurity4</artifactId>

<version>2.1.2.RELEASE</version>

<scope>compile</scope>

</dependency>

角色.java

@Entity

@Table(name = "roles")

public class Role implements Serializable {

@Id

@Enumerated(EnumType.STRING)

private RoleType name;

//... getters, setters

}

角色类型

public enum RoleType {

ADMIN

}

User拥有一套Role小号

为什么hasRole()不工作?

感谢您的帮助,谢谢

回答:

th:if="${#strings.contains(#authentication.principal.authorities,'ADMIN')}"

回答:

尝试在HTML标签内使用hasAuthority代替hasRole

sec:authorize="hasAuthority('ADMIN')"

以上是 Spring Security hasRole()无法正常工作 的全部内容, 来源链接: utcz.com/qa/410723.html

回到顶部