CODEWITHSUNDEEP
javaspring-bootauthorizationthymeleaf
Stacie
Stacie

Reputation: 306

Thymeleaf sec:authorize can you combine authorization for role OR different property?

I am using Thymeleaf, Spring-boot, and Java. I have li items for the nav bar, and want to set access for one of the li items, so that if loggedUser.client.policyType == specific access, or they have the role of admin, the link shows so they can access the page. I have tried th:authorize, sec:authorize, th:if.... none of it works. Any idea how to get this working?

<li th:authorize="${loggedUser.client.policyType == 'Access – NO AMS'} or hasRole('ROLE_ADMIN')" th:classappend="${currentPage == 'directBind'} ? 'active'"><a th:href="@{/directBind}"><img class="left"  height="60%" width="auto" src="/images/mail1.png"/> Direct Bind</a></li>

Upvotes: 1

Views: 1177

Answers (1)

Alain Cruz
Alain Cruz

Reputation: 5097

Have you tried the following?

<li th:if="${#authorization.expression('hasRole(''ROLE_ADMIN'') or ${loggedUser.client.policyType == 'Access – NO AMS'}')}">
   <a th:href="@{/directBind}"><img class="left"  height="60%" width="auto" src="/images/mail1.png"/> Direct Bind</a>
</li >

You would need to add the following dependency on your .pom in order to use the #authorization. The dependency can be added with the following code.

<dependency>
   <groupId>org.thymeleaf.extras</groupId>
   <artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>

Upvotes: 1

Related Questions