All geek questions in one place

Spring & thyme leaf update violated my authorization

I am updating the Spring download application from 1.3.5 to 1.4.4 (eventually 1.5.x), and I noticed that my Thymeleaf menu items are now broken. Here's how I got them:

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"> ... <ul class="nav pull-right"> <li sec:authorize="${!isAuthenticated()}"> <div> <span></span> </div> </li> <li sec:authorize="${isAuthenticated()}"> <span th:inline="text">Logged in as [[${#httpServletRequest.remoteUser}]</span> </li> </ul>

Then I made the following changes

 compile("org.springframework.boot:spring-boot-starter-thymeleaf") compile('org.thymeleaf.extras:thymeleaf-extras-springsecurity4:2.1.2.RELEASE')

to

 compile group: 'org.springframework.boot', name: 'spring-boot-starter-thymeleaf', version: '1.4.4.RELEASE' compile group: 'org.thymeleaf.extras', name: 'thymeleaf-extras-springsecurity4', version: '3.0.2.RELEASE' compile group: 'org.thymeleaf', name: 'thymeleaf-spring4', version: '3.0.9.RELEASE'

However, an authorized item is displayed as if protection was bypassing. Has something changed that sec: authorize works the same way? I looked at the documentation of Timeleaf, and I do not see this. I know that an authenticated user has the appropriate roles and is authenticated.

Update

For what it's worth, I tried updating the bootstrap and jquery versions to:

 <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous"/> <script src="https://use.fontawesome.com/releases/v5.0.6/js/all.js"></script> <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>

and have it in my html

 xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"

But this still does not fix the problem when the wrong item is displayed.

+5
source share
1 answer

Try sec:authorize="isAuthenticated()" instead of sec:authorize="${isAuthenticated()}"

Spring Boot 1.x uses thimeleaf 2, SB 2.x uses thimelear 3.

You need to do additional setup if you want to use thymeleaf 3 with SB 1.x: https://github.com/spring-projects/spring-boot/issues/4393

0
source

Source: https://habr.com/ru/post/1275495/

More articles:


All Articles