首页

Spring Security hasRole() 不工作

java spring spring-mvc spring-security thymeleaf
2022-08-31 20:41:03

我在使用Spring Security && Thymeleaf时遇到了一个问题,特别是在尝试使用hasRole表达式时。“管理员”用户有一个角色“管理员”,但无论如何都会解析为假,我尝试一下hasRole('ADMIN')

我的网页:

1.<div sec:authentication="name"></div> <!-- works fine -->
2.<div sec:authentication="principal.authorities"></div> <!-- works fine -->

3.<div  sec:authorize="isAuthenticated()" >true</div> <!-- works fine -->
4.<span th:text="${#authorization.expression('isAuthenticated()')}"></span> <!-- works fine -->

5.<div th:text="${#vars.role_admin}"></div> <!--Works fine -->
6.<div  sec:authorize="${hasRole('ADMIN')}" > IS ADMIN </div> <!-- Doesnt work -->
7.<div  sec:authorize="${hasRole(#vars.role_admin)}" > IS ADMIN </div> <!-- Doesnt work -->
8.<div th:text="${#authorization.expression('hasRole(''ADMIN'')')} "></div> <!-- Doesnt work -->
9.<div th:text="${#authorization.expression('hasRole(#vars.role_admin)')}"></div> <!-- Doesnt work -->

结果:

1.admin
2.[ADMIN]
3.true
4.true
5.ADMIN
6."prints nothing because hasRole('ADMIN') resolves to false"
7."prints nothing because hasRole(#vars.role_admin) resolves to false"
8.false
9.false

我已在我的安全性文件中启用了使用表达式.xml

<security:http auto-config="true" use-expressions="true">

并且还在我的配置中包含了SpringSecurityDialect。

<bean id="templateEngine"
      class="org.thymeleaf.spring4.SpringTemplateEngine">
    <property name="templateResolver" ref="templateResolver" />  
    <property name="additionalDialects">
        <set>
            <bean class="org.thymeleaf.extras.springsecurity4.dialect.SpringSecurityDialect" />
        </set>
    </property>      
</bean>

我的 pom.xml 文件中的所有必要依赖项

<!--Spring security--> 
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>4.0.1.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>4.0.1.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>4.0.1.RELEASE</version>
    </dependency>        
    
    <!--Thymeleaf Spring Security-->
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        <version>2.1.2.RELEASE</version>
        <scope>compile</scope>
    </dependency>

角色.java

@Entity
@Table(name = "roles")

    public class Role implements Serializable {
    
        @Id
        @Enumerated(EnumType.STRING)
        private RoleType name;
        //... getters, setters
    }

角色类型

public enum RoleType {

    ADMIN 
}

并有一套 sUserRole

为什么不工作?hasRole()

我感谢您的帮助,谢谢

解决方法

th:if="${#strings.contains(#authentication.principal.authorities,'ADMIN')}"


答案 1

尝试在 HTML 标记内使用。hasAuthorityhasRole

sec:authorize="hasAuthority('ADMIN')"

答案 2

你错过了一个概念:

  • 如果使用 ,则必须使用 , 而不是 。hasRole('ADMIN')ADMIN EnumROLE_ADMINADMIN
  • 如果使用 ,则必须是 。hasAuthority('ADMIN')ADMIN EnumADMIN

在弹簧安全中,与 相同,但功能映射不带前缀。hasRole()hasAuthority()hasRole()AuthorityROLE_

您可以在这篇文章中找到被接受的答案:春季安全中的角色和授权授权之间的区别


推荐
更多 »
标签
更多 »
php pass-by-reference optional-parameters default-value javascript arrays dom function string object serialization tostring visibility syntax jslint use-strict operators equality equality-operator identity-operator datetime timestamp date-arithmetic redirect angularjs loops foreach iteration scope variables
推荐
更多 »