1
resposta

Utilizar thymeleaf-extras-springsecurity4

Estou tentando utilizar as tags de segurança do Thymeleaf, mas não obtive êxito. Fiz a declaração no cabeçalho xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4" do html e inclui algumas tags para validar:

<div th:text="${#authentication.name}">The value of the "name" property of the authentication object should appear here.</div>
                    <div th:if="${#authorization.expression('hasRole(''ADMIN'')')}">This will only be displayed if authenticated user has role ROLE_ADMIN.</div>
                    <div th:if="${#authorization.expression('hasRole(''USER'')')}">This will only be displayed if authenticated user has role ROLE_ADMIN.</div>
                    <div sec:authorize="hasRole('ADMIN')">This will only be displayed if authenticated user has role ROLE_ADMIN.</div>
                    <div sec:authorize="hasRole('USER')">This will only be displayed if authenticated user has role ROLE_USER.</div>

Porém, somente o atributo ${#authentication.name} está gerando valor no HTML. Está a faltar algo para configurar?

PS: Estou usando @Bean declarados via código, não xml.

Segue pom.xml:

<parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.0.RC2</version>
    </parent>
<dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.poi</groupId>
            <artifactId>poi-ooxml</artifactId>
            <version>3.17</version>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        </dependency>
    </dependencies>
1 resposta

Fala Renan, tudo bem ?

Parece que não deveria ser muito problemática essa configuração. Dado que ela só requer o Bean do templateEngine-> readme do projeto.

O objeto que representa o usuário logado tem algumas das roles que o código da View checa ? Porque é estranho ele avaliar #authentication e ignorar #authorization. =/

Dê uma olhada nisso. Qualquer coisa volte a postar aqui!

Espero ter ajudado. Abraço!