i've been trying to use thymeleaf's security tags but i can't get them to work.
This is my security class:
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Autowired
private Environment env;
#Autowired
private UserSecurityService userSecurityService;
private BCryptPasswordEncoder passwordEncoder() {
return SecurityUtility.passwordEncoder();
}
private static final String[] PUBLIC_MATCHERS = { "/css/**", "/js/**", "/image/**", "/", "/myAccount" };
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().
antMatchers(PUBLIC_MATCHERS).permitAll().anyRequest().authenticated();
http.csrf().disable().cors().disable().formLogin().failureUrl("/login?error").defaultSuccessUrl("/")
.loginPage("/login").permitAll().and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/?logout")
.deleteCookies("remember-me").permitAll().and().rememberMe();
}
#Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
}
}
Pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
</dependencies>
Index.html
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<ul class="navbar-nav navbar-right">
<li class="nav-item"><a class="nav-link" href="#">Shopping
Cart</a></li>
<li class="nav-item"><a sec:authorize="isAnonymous()"
class="nav-link" th:href="#{/login}">My Account</a></li>
<li class="nav-item"><a sec:authorize="isAuthenticated()"
class="nav-link" th:href="#{/myProfile}">My Account</a></li>
<li class="nav-item"><a class="nav-link"
sec:authorize="isAuthenticated()" href="#{/logout}">Logout</a></li>
</ul>
My problem is that both the nav-items called My Account are showing on the page and i guess the tag sec:authorize doesn't get recognized or something like that or i'm clearly doing something wrong:( Do i need to do any other configurations? I'm using spring boot 2, i've tried solving this in different ways from changing the version of thymeleaf-extras-springsecurity4 to adding a bean in the spring context but it's still not working:(
In spring boot auto configuration, an instance of SpringSecurityDialect is not auto configured. Therefore, you are having this problem. Try adding a bean of SpringSecurityDialect like below, and I hope, it will work.
#Bean
public SpringSecurityDialect securityDialect() {
return new SpringSecurityDialect();
}
Related
I am creating simple crud system using spring boot. When I load the page it is working currectly. when I add a new link it display as HTTP Status 404 – Not Found Spring Boot I don't why everything I made currect way I attached screenshot with code below.
Error Screen
EmployeeController
#Autowired
private EmployeeService service;
#RequestMapping("/")
public String viewHomePage(Model model) {
List<Employee> listemployee = service.listAll();
model.addAttribute("listemployee", listemployee);
return "index";
}
#RequestMapping(value = "/new")
public String add(Model model) {
model.addAttribute("employee", new Employee());
return "new";
}
index.html
<table class="table">
<tbody>
<tr>
<td>
<a th:href="#{'/new'}">Add new</a>
</td>
</tr>
<tr th:each="employee : ${listemployee}">
<td th:text="${employee.id}">Employee ID</td>
<td th:text="${employee.firstName}">FirstName</td>
<td th:text="${employee.lastName}">LastName</td>
<td>
<a th:href="#{'/edit/' + ${employee.id}}">Edit</a>
<a th:href="#{'/delete/' + ${employee.id}}">Delete</a>
</td>
</tr>
</tbody>
</table>
folder structure
porm.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
application.properties
spring.jpa.hibernate.ddl-auto=create
spring.datasource.url=jdbc:mysql://localhost:3306/lindaschool?useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC
server.error.whitelabel.enabled=false
server.port=7020
spring.datasource.username=root
spring.datasource.password=
#logging.level.root=WARN
spring.jpa.open-in-view=false
spring.thymeleaf.cache=false
The problem is package structure, you not following the standard package structure of spring boot and spring framework. By default spring boot application will only scans the classes annotated with any stereotype from main class and it's sub packages. I would recommend to move all dependency classes under sub packages of main class
com.example.crudbank
|
-------------------->CrudBankApplication.java
com.example.crudbank.service
|
--------------------->StudentService
com.example.crudbank.controller
|
----------------------> StudentController.java
com.example.crudbank.repository
|
-----------------------> StudentRepository.java
com.example.crudbank.domain
|
------------------------>StudentDomain.java
I have a Spring MVC project with Thymeleaf and in memory authentication.
In my html I want to display the current user that is logged in and diplay the logout button only when somebody is logged in.
Here is a simple html that should display the username, but is always displays Bob and a text that should only be displayed when somebody is logged in, but it's always displayed.
Any idea what I'm doing wrong?
Here is my pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>info.climbinggyms</groupId>
<artifactId>main</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>main</name>
<description>website with an overview of the existing climbing gyms</description>
<properties>
<java.version>8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.mail/javax.mail-api -->
<dependency>
<groupId>javax.mail</groupId>
<artifactId>mail</artifactId>
<version>1.4.3</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>4.3.1.RELEASE</version>
</dependency>
<dependency>
<groupId>nz.net.ultraq.thymeleaf</groupId>
<artifactId>thymeleaf-layout-dialect</artifactId>
<version>2.3.0</version>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring4</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
My html:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org"
xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security"
layout:decorator="layout/root_layout"
lang="en">
<head>
<title>My Climbing Gyms</title>
</head>
<body>
<div layout:fragment="page-content">
<div class="container">
<section>
<br>
<br>
<br>
<h1>My Climbing Gyms</h1>
<p>Welcome to my climbing gyms</p>
<p>This is still under construction, this site only contains dummy data</p>
<div sec:authorize="isAuthenticated()">
This content is only shown to authenticated users.
</div>
<span sec:authentication="name">Bob</span>
</section>
</div>
</div>
</body>
</html>
and my security configuration:
package info.climbinggyms.main;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
#Configuration
#EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/admin/**").hasAnyRole("ADMIN","USER")
.and()
.csrf().disable().headers().frameOptions().disable()
.and()
.formLogin()
.and()
.logout();
}
#Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("bleau83").password("{noop}bleau83").roles("ADMIN")
.and()
.withUser("user").password("{noop}user").roles("USER");
}
}
I updated my thymeleaf security to springsecurity5 and now it is working
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
I've had similar problem, my implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5' was missing from build.gradle altogether.
Yes, You need update to springsecurity5
thymeleaf-extras-springsecurity5
I'm trying to use Spring Boot, Spring Security 4, Thymeleaf.And if the user has role"admin" or anything else.The html block should be shown up.But now it always display on the page.
Here is my html
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<div sec:authorize="hasRole('ROLE_GUEST')">
<p class="bg-info">guest</p>
</div>
<div sec:authorize="hasRole('ROLE_ADMIN')">
<p class="bg-info">you can see this if you have permission to acess role_admin</p>
</div>
And here is my pom.xml i do add the thymeleaf-extras-springsecurity4. Also tried thymeleaf-extras-springsecurity3
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.zhongdihang.resp</groupId>
<artifactId>resp-parent</artifactId>
<version>1.0.0</version>
<relativePath>../resp-parent</relativePath>
</parent>
<artifactId>resp-serve</artifactId>
<packaging>war</packaging>
<name>Real estate sharing platform serve</name>
<description>Real estate sharing platform serve</description>
<dependencies>
<!-- Compile -->
<dependency>
<groupId>com.zhongdihang.resp</groupId>
<artifactId>resp</artifactId>
</dependency>
<dependency>
<groupId>com.zhongdihang.resp</groupId>
<artifactId>resp-test</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-jdbc</artifactId>
</dependency>
<!-- Optional -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!-- Runtime -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc6</artifactId>
<scope>runtime</scope>
<version>11.2.0.4</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.12</version>
</dependency>
<dependency>
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>sqljdbc4</artifactId>
<version>4.0</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>3.4.5</version>
</dependency>
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-spring</artifactId>
<version>1.3.1</version>
</dependency>
<!--mapper -->
<dependency>
<groupId>net.sf.dozer</groupId>
<artifactId>dozer</artifactId>
<version>5.4.0</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.1.1</version>
</dependency>
-->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
And here is my securityconfig
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Autowired
private PasswordEncoder passwordEncoder;
#Autowired
private RoleService roleService;
#Autowired
private SecurityUserDetailsService userDetailsService;
#Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
provider.setPasswordEncoder(passwordEncoder);
return provider;
}
#Value("${" + ApplicationConstants.THIS_APP_CONFIG_PREFIX + ".security.debug:false}")
private boolean debug = false;
#Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(daoAuthenticationProvider());
}
private void configureExceptionHandling(ExceptionHandlingConfigurer<HttpSecurity> handler) {
handler.authenticationEntryPoint(new SecurityAuthenticationEntryPoint());
}
private void configureAuthorizeRequests(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
//registry.accessDecisionManager(new SecurityAccessDecisionManager());
registry.antMatchers("/login/**","/auth/**","/api/open/person/**","/api/booking/**","/api/module/menu","/api/booking").permitAll();
List<RoleEntity> list = roleService.findAll();
for (RoleEntity roleEntity : list) {
if(roleEntity.getModule()!=null) {
registry.antMatchers(roleEntity.getModule().getPath()+"/**").hasAuthority(roleEntity.getNumber()).anyRequest().authenticated();
}
}
registry.anyRequest().authenticated();
//registry.anyRequest().hasAnyRole("ADMINISTRATOR");
}
private void configureFilter(HttpSecurity http) throws Exception {
//http.addFilterBefore(new SecurityAuthorizationFilter(sessionrepo),
//UsernamePasswordAuthenticationFilter.class);
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable();
configureFilter(http);
configureExceptionHandling(http.exceptionHandling());
configureAuthorizeRequests(http.authorizeRequests());
http.csrf().disable();
http.formLogin()
.loginPage("/login")
.usernameParameter("username")
.passwordParameter("password")
.failureHandler(new SecurityAauthenticationFailureHandler())
.successHandler(new SecurityAuthenticationSuccessHandler())
.permitAll();
http.logout()
.logoutUrl("/logout")
.logoutSuccessHandler(new SecurityLogoutSuccessHandler())
.permitAll();
}
#Override
public void configure(WebSecurity web) throws Exception {
web.debug(debug);
web.ignoring().antMatchers(HttpMethod.OPTIONS);
web.ignoring().antMatchers("/assets/**");
web.ignoring().antMatchers("/**.ico");
web.ignoring().antMatchers("/v2/api-docs");
}
}
Anybody can help me?
thank you so much~
I'm using springboot 1.5.8.RELEASE thymeleaf 3.0.9.RELEASE,so i need to use latest org.thymeleaf.extras.so try to add
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>3.0.2.RELEASE</version>
</dependency>
in you pom.
WHat you are missing here is a tag in your HTML
xmlns:sec="http://www.thymeleaf.org/extras/spring-security".
You don't really need xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4" tag anyways if you're using Springboot.
Currently trying to create a simple login with spring Security but am getting an error that I am assume is because of something I am doing wrong with resolver view or controller. Just can't seem to figure out what. I get the following error
"There was an unexpected error (type=Internal Server Error, status=500).
Circular view path [home]: would dispatch back to the current handler URL [/home] again. Check your ViewResolver setup! (Hint: This may be the result of an unspecified view, due to default view name generation.)"
My Config:
#EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user")
.password("password")
.roles("USER");
}
public void configureGlobal(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/loginpage")
.permitAll().and()
.logout();
}
#Bean
public ViewResolver viewResolver(){
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setViewClass(JstlView.class);
resolver.setPrefix("/resources/templates");
resolver.setSuffix(".html");
return resolver;
}
public void addViewController(ViewControllerRegistry registry){
registry.addViewController("/home").setViewName("home");
registry.addViewController("/loginpage").setViewName("loginpage");
}
}
Controller:
#Controller
public class loginController {
#RequestMapping("/home")
public String homePage(Model model){
return "home";
}
#GetMapping("/loginpage")
public String loginGetter(Model model){
return "loginpage";
}
}
Login page:
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<title>Title</title>
</head>
<body>
<div th:if="${param.error}">
Something is wrong
</div>
<div th:if="${param.logout}">
You have logged out
</div>
<div>
<form action="#{loginpage}" method="post">
<div><label>Username: <input type="text" name="username"/></in></label></div>
<div><label>Password: <input type="text" name="password"/></label></div>
<div><input type="submit" value="Sign in"/></in></div>
</form>
</div>
</body>
</html>
My Pom:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.ronone</groupId>
<artifactId>SecurityTutorial</artifactId>
<version>1.0-SNAPSHOT</version>
<dependencies>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>1.5.2.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.2.2.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.1.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.0.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.thymeleaf/thymeleaf-spring3 -->
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring3</artifactId>
<version>3.0.3.RELEASE</version>
</dependency>
</dependencies>
</project>
Try this :
#EnableWebSecurity
#Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{ ...}
Annotating a class with the #Configuration indicates that the class can be used by the Spring IoC container as a source of bean definitions.
In my current spring project, I had a view with this html code:
<th:block sec:authorize="isAuthenticated()">
<h2 sec:authentication="name"></h2>
</th:block>
<th:block sec:authorize="isAnonymous()">
<p> <a th:href="#{/loginPage}">Login</a> </p>
<p>
<ul>
<li> <a th:href="#{/homeFacebook}">Connect to Facebook</a> </li>
<li> <a th:href="#{/homeTwitter}">Connect to Twitter</a> </li>
</ul>
</p>
</th:block>
which when I run the application, nothing is being displayed in the page, because the conditionals sec:authorize="isAuthenticated()" and sec:authorize="isAnonymous()" are both returnin false;
My configuration:
At my Application.java class
#Bean
public SpringTemplateEngine templateEngine() {
SpringTemplateEngine engine = new SpringTemplateEngine();
engine.addDialect( new SpringSecurityDialect() );
return engine;
}
At my pom.xml file
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
<version>1.3.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring3</artifactId>
<version>3.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>2.1.2.RELEASE</version>
</dependency>
I have other projects whit similar configuration working fine, but in this one i stuck this issue. Someone can see what's wrong here?
update
I change the pom.xml to this:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
<version>1.3.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring3</artifactId>
<version>LATEST</version>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>LATEST</version>
</dependency>
and now instead of show nothing, both blocks are being displayed. (if i remove thymeleaf-spring3 from list of dependencies in the pom.xml file, the page display none of the blocks, like before)
update 2
with this code, the page display nothing:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
with that one display both blocks:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity3</artifactId>
<version>LATEST</version>
</dependency>
but sec:authentication is not processed.