关于springboot进行安全验证的问题,sec:不起作用???
1:我在springboot中添加权限功能 在Html页面上利用themleaf 进行数据显示时不能正常按照应有的权限显示?
代码如下:
pom.xml文件
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>2.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
java
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//super.configure(http);
//定制请求授权规则
http.authorizeRequests().antMatchers("/").permitAll()
.antMatchers("/ghost/**").hasRole("Level1")
.antMatchers("/ghost1/**").hasRole("Level2")
.antMatchers("/ghost2/**").hasRole("Level3");
//开启登录功能,没有权限就会来到登陆页面 如果登陆错误会重定向到erro 表示登陆失败
http.formLogin();
//开启自动配置的注销功能,注销成功来到首页
http.logout().logoutSuccessUrl("/");
}
//自定义认证规则
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// super.configure(auth);
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).
withUser("张三")
.password(new BCryptPasswordEncoder().encode("123456"))
.roles("Level1","Level2")
.and()
.passwordEncoder(new BCryptPasswordEncoder())
.withUser("李四")
.password(new BCryptPasswordEncoder().encode("123456"))
.roles("Level2","Level3")
.and()
.passwordEncoder(new BCryptPasswordEncoder())
.withUser("王五")
.password(new BCryptPasswordEncoder().encode("123456"))
.roles("Level3");
}
}
html 首页显示如下:
<!DOCTYPE html>
:action="@{/logout}" method="post">
<input th:type="submit" th:value="注销">
</form>
</div>
<br>
<div sec:aut<html xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
<meta charset="UTF-8">
<title>Home</title>
</head>
<body>
<h1 th:align="center">这是主页</h1>
<div >
<div style="display: inline">
<div sec:authorize="!isAuthenticated()">
游客您好!<a th:href="@{/login}">请登录</a>
</div>
<div sec:authorize="isAuthenticated()">
<span sec:authentication="name"></span>,您好!(<span sec:authentication="principal.getAuthorities()"></span>)
<form thhorize="hasRole('Level1')">
<h3>会员级别一</h3>
<h5><a href="/ghost/1">a1</a></h5>
<h5><a href="/ghost/2">a2</a></h5>
<h5><a href="/ghost/3">a3</a></h5>
</div>
<br>
<div sec:authorize="hasRole('Level2')">
<h3>会员级别二</h3>
<h5><a href="/ghost1/1">b1</a></h5>
<h5><a href="/ghost1/2">b2</a></h5>
<h5><a href="/ghost1/3">b3</a></h5>
</div>
<br>
<div sec:authorize="hasRole('Level3')">
<h3>会员级别三</h3>
<h5><a href="/ghost2/1">c1</a></h5>
<h5><a href="/ghost2/2">c2</a></h5>
<h5><a href="/ghost2/3">c3</a></h5>
</div>
</div>
<div style="display: inline;">
<h4>9999</h4>
</div>
</div>
</body>
</html>
问题: 这个sec:标签貌似并不起作用 第一次登陆游客的时候
<div sec:authorize="!isAuthenticated()">
游客您好!<a th:href="@{/login}">请登录</a>
</div>
<div sec:authorize="isAuthenticated()">
<span sec:authentication="name"></span>,您好!(<span sec:authentication="principal.getAuthorities()"></span>)
全显示出来了 请问咋回事??????
在roperties里面添加属性设置
<properties>
<!-- upgrade to thymeleaf version 3 -->
<thymeleaf.version>3.0.9.RELEASE</thymeleaf.version>
<thymeleaf-layout-dialect.version>2.3.0</thymeleaf-layout-dialect.version>
<thymeleaf-extras-springsecurity4.version>3.0.2.RELEASE</thymeleaf-extras-springsecurity4.version>
</properties>
后来发现添加这个还是不行 报了404......
最后更改了springboot版本 为
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.19.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
重启OK!
