All geek questions in one place

Thymeleaf 3.0 Spring Boot and security integration not working

I am trying to get Thymeleaf to work with Spring Security in my Spring Boot 1.4.3 project.

Tags for example

<div sec:authorize="hasAuthority('ADMIN')">

just do not understand.

If I try to add SpringSecurityDialect manually as follows:

 @Bean public SpringSecurityDialect securityDialect() { return new SpringSecurityDialect(); }

I get:

 Exception in thread "main" java.lang.NoClassDefFoundError: org/thymeleaf/dialect/IExpressionEnhancingDialect

In my dependencies, I have included the following:

  <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity4</artifactId> </dependency>

SpringSecurityDialect does not seem to be added by autoconfiguration.

After adding the Bean manually, I get the specified exception.

Is this a mistake or am I missing something?

My versions of Thymeleaf:

  <thymeleaf.version>3.0.2.RELEASE</thymeleaf.version> <thymeleaf-extras-java8time.version>3.0.0.RELEASE</thymeleaf-extras-java8time.version> <thymeleaf-layout-dialect.version>2.1.2</thymeleaf-layout-dialect.version>
+6
source share
3 answers

To make it work, if you are using Thymeleaf 3.0.2 with Spring Boot 1.4, you need to force version 3.0.1.RELEASE thymeleaf-extras-springsecurity4 (since it inherits version 2.1.2, which does not work in combination with Thymeleaf 3) :

 <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity4</artifactId> <version>3.0.1.RELEASE</version> </dependency>

The tags must use the hasRole function.

 <div sec:authorize="hasRole('ROLE_ADMIN')">
+11
source

If you are using Spring Boot 2.0.0.RELEASE :

 <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.0.0.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent>

you only need the following dependencies:

 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity4</artifactId> </dependency>

The version of thymeleaf-extras-springsecurity4 will inherit from spring-boot-starter-parent and will be 3.0.2.RELEASE .

Thanks to @ yglodt for pointing this out.

Also in your templates add spring -security namespace xmlns:sec="http://www.thymeleaf.org/extras/spring-security" and use hasRole instead of the hasAuthority value in the <sec:authorize> :

 <div sec:authorize="hasRole('ROLE_ADMIN')"> ... </div>
+3
source

I had the same problem. Thymeleaf SpringSecurity only works with thimeleaf versions 3.xx, and the version that comes with Spring-boot is something like 2.xx atm.

Looking at how to add v3.xx to my project, I brought me to the following documentation page: http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-use-thymeleaf- 3

So, you just need to add your dependencies, and then add the following properties in the properties to override the default version of the thymeleaf for your dependencies:

 <thymeleaf.version>3.0.2.RELEASE</thymeleaf.version> <thymeleaf-layout-dialect.version>2.1.1</thymeleaf-layout-dialect.version>
+1
source

Source: https://habr.com/ru/post/1013619/

More articles:


All Articles