CODEWITHSUNDEEP
htmlspringspring-securityroles
cmplx96
cmplx96

Reputation: 1651

spring security tags for html

I am trying to hide different html content based on what role is logged in. I set the namespace:

<html lang="en" xmlns:security="http://www.springframework.org/security/tags" xmlns:th="http://www.springframework.org/schema/mvc">

And then I tried something like this:

     <security:authorize access="hasRole('ADMIN')">
          <li><a href="/users">User Management</a></li>
     </security:authorize>

However I am getting this error message:

[THYMELEAF][http-nio-8080-exec-6] Fatal error during parsing
org.xml.sax.SAXParseException: The content of elements must consist of 
well-formed character data or markup.

Thanks!

EDIT:

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.springframework.org/schema/mvc" xmlns:security="http://www.springframework.org/security/tags">
<head>
    <meta charset="UTF-8"/>
    <title>Title</title>
</head>
<body>
<div th:fragment="navbar">
    <nav class="navbar navbar-default">
        <div class="container">
            <div class="navbar-header">
                <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
                <span class="sr-only">Toggle navigation</span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="navbar-brand" href="/"><label id="label-mhealth">mHealth Store</label></a>
        </div>

        <!-- Collect the nav links, forms, and other content for toggling -->
        <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
            < class="nav navbar-nav">
                <li class="dropdown">
                    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Product Management <span class="caret"></span></a>
                    <ul class="dropdown-menu">
                        <li><a href="/products">Product List</a></li>
                    </ul>
                </li>
            <security:authorize access="hasRole('ADMIN')">
                <li><a href="/users">User Management</a></li>
            </security:authorize>
        </div><!-- /.navbar-collapse -->
    </div><!-- /.container-fluid -->
    </nav>
</div>
</body>
</html>

Upvotes: 1

Views: 3416

Answers (1)

Ramjan Ali
Ramjan Ali

Reputation: 530

You are mixing Spring Security JSP tag with Thymeleaf. Replace the following one 

<security:authorize access="hasRole('ADMIN')">
       <li><a href="/users">User Management</a></li>
</security:authorize>

with this one 

<div sec:authorize="hasRole('ROLE_ADMIN')">
   <li><a href="/users">User Management</a></li>
</div>

Add thymeleaf th:sec namespace if you haven't yet.
Check here Thymeleaf Spring Security Integration (Look for Spring Security Dialect)

Upvotes: 1

Related Questions