CODEWITHSUNDEEP
springspring-mvcspring-bootthymeleaf
needoriginalname
needoriginalname

Reputation: 721

How do I get a Spring boot to parse thymeleaf-extras-springsecurity tags?

I am creating a website using Spring Boot for the first time. I am using a test page to show that once the user has logged in, the words, "Authenticated" to appear on the screen when the user has logged in.

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
    <meta charset="utf-8"/>
    <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
    <meta name="viewport" content="width=device-width, initial-scale=1"/>
</head>
<body>
<h2>Thymleaf example</h2>
<p sec:authorize="hasRole('ROLE_USER')">
    Authenticated
</p>
</body>
</html>

However, problem is that the tag with the sec:authorize remains unedited and unparsed. As a result, the Authenticated word appears regardless of whether a user logged in or not. Printing the user's authorities from controller confirms this.

my pom.xml file has the following dependencies. 

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    ... dependencies for mysql and jdbc are omitted.

Any help is appreciated. Note, I am using Spring Boot, so JAVA configurations are preferred over XML configurations.

Upvotes: 7

Views: 19032

Answers (4)

Agust&#237; S&#225;nchez
Agust&#237; S&#225;nchez

Reputation: 11223

Which version of Spring Boot are you using?

If it's 2.2.7.RELEASE, then you need Thymeleaf extras for Spring Security 5:

     <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
        <version>3.0.4.RELEASE</version>
    </dependency>

And no extra configuration should be needed.

Upvotes: 0

jay chang
jay chang

Reputation: 101

Please use thymeleaf-extras-springsecurity4(version is 2.1.3.RELEASE),when your thymeleaf version is 2.1.x.Otherwise hasRole in the page of thymeleaf template will not work.

Upvotes: 0

Rupesh Kumar
Rupesh Kumar

Reputation: 9

1) Please add following into your prom.xml file within the tag to resolve java.lang.ClassNotFoundException: org.thymeleaf.dom.Attribute Exeption.

<thymeleaf-layout-dialect.version>2.2.1</thymeleaf-layout-dialect.version>

2) Add mentioned in the last post, add the following bean into your WebSecurityConfig class which extends WebSecurityConfigurerAdapter

@Bean
public SpringTemplateEngine templateEngine(ITemplateResolver templateResolver, SpringSecurityDialect sec) {
    final SpringTemplateEngine templateEngine = new SpringTemplateEngine();
    templateEngine.setTemplateResolver(templateResolver);
    templateEngine.addDialect(sec); // Enable use of "sec"
    return templateEngine;
}

3) Add following dependency, please note about the version, you need to force 3.0.1.RELEASE version

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    <version>3.0.1.RELEASE</version>
</dependency>

Upvotes: -1

Robert Hume
Robert Hume

Reputation: 1171

Please try adding something like the following code to your @Configuration(or @SpringBootApplication) class:

@Bean
public SpringTemplateEngine templateEngine(ITemplateResolver templateResolver, SpringSecurityDialect sec) {
    final SpringTemplateEngine templateEngine = new SpringTemplateEngine();
    templateEngine.setTemplateResolver(templateResolver);
    templateEngine.addDialect(sec); // Enable use of "sec"
    return templateEngine;
}

Note that if you are forcing Spring Boot to use Thymeleaf version 3, you have to force also the version 3 of the thymeleaf-extras-springsecurity4 dependency:

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    <version>3.0.1.RELEASE</version>
</dependency>

See also this related answer.

Upvotes: 8

Related Questions