I am starting to develop a website using Spring MVC 4. I'd like my website to have a top-navigation. When a user hovers over the top-navigation I want them to see a list of the pages that they have access to.
How do I achieve this in a Spring MVC 4 best-practice way?
To illustrate my example, imagine the following:
<ul id='menu-nav'>
<li><a href='homeURL'>Home</a></li>
<li><a href='page1URL'>Page 1</a></li>
<li><a href='page2URL'>Page 2</a></li>
</ul>
Above is a list of all the pages in my very limited website. Once each user logs in, I want them to only be able to see the links to the pages that they have access to.
So, as an example, a user logging in with ADMIN rights would see ALL the links. But a user who DOES NOT have ADMIN rights would only see links to the Home Page and Page 1.
Can anyone suggest a way to implement this?
I think this should work :
<ul id='menu-nav'>
<li><a href='homeURL'>Home</a></li>
<li><a href='page1URL'>Page 1</a></li>
<!-- For many roles -->
<!-- <security:authorize access="hasAnyRole('ADMIN', 'USER')"> -->
<!-- For one role -->
<security:authorize access="hasRole('ADMIN')">
<li><a href='page2URL'>Page 2</a></li>
</security:authorize>
</ul>
Check this answer : https://stackoverflow.com/a/11469342/8800147
Related
I'm almost finished with a project of mine (bare with me I'm a beginner). I want to hide the login link when a role (admin or user) is logged into database. I also want to display a link called "add grade" only when Admin(Manager) is logged in. I am working with spring boot, thymeleaf, spring security5 and h2 & jdbc.
To summarize I want to hide or show HTML based on user's role
UPDATE: it works when I use the <div sec:authorize... for "add grade" link. Now just trying to figure how to hide login link when any role is logged in.
This is my typical code for either including or not including in a navbar:
<li th:ref="navbar-item" sec:authorize="!isAuthenticated()">
<a th:text="'Login'" th:href="#{/login}"/>
</li>
If you mean don't include by "hide", wrap your link in a th:block.
<th:block sec:authorize="!isAuthenticated()">
<a th:text="'Login'" th:href="#{/login}"/>
</th:block>
Im using the laravel spatie/permissions bundle.
Working with that bundle i ran in to a problem. I have made multiple roles and have used the $role->givePermissionTo('view users') method to give my role the permission to see my users.
Now when i use #can('view users') i cannot see the link.
i made it like this:
#can('view users')
<li class="nav-item">
<a class="nav-link font-weight-bold" href="{{ route('user.index') }}">
{{ __('User Management') }}
</a>
</li>
#endcan
When i check if the user has the permission it says it does. How come it doesnt show the link?
I'm working on a Spring boot based web application and the homepage contains a boostrap navbar with Login and Register link.
Once user logs in (by clicking login link from homepage), they will be re-directed to home page again (unless they visit any other link before spring security kicks in for A&A). On re-direct, I want to hide login and register links from the navbar and show logout link in their place. Becuase I want to insert the navbar in all the pages of application.
I want to know what is the best/standard way of doing this when the requirement is re-direction to same page.
One solution that I can think of is to check and obtain a user-principal object from spring security, pass it to thymeleaf template and check that if userprincipal object is present in the request attribute to the thymeleaf template, that means a user has logged in and I can then hide(not-render) login & register links and show(render) logout link. If not, show login & register links and hide logout link. I'm wondering, is this a correct way to do so? This feels like a hack to me and hence want to know if there is any standard way of doing this.
There is a Thymeleaf Spring Security extension that you can use:
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
Add the namespace
<html xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
And then you can use it:
<li sec:authorize="!isAuthenticated()" class="nav-item">
<a class="btn btn-outline-light" th:href="#{/login}">Login</a>
</li>
<li sec:authorize="isAuthenticated()" class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown"
aria-haspopup="true" aria-expanded="false" sec:authentication="name">
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdown">
<a class="pl-3" th:href="#{/password}">Passwort ändern</a>
<div class="dropdown-divider"></div>
<a class="pl-3" th:href="#{/logout}">Logout</a>
</div>
</li>
Please find the whole documentation here:
https://github.com/thymeleaf/thymeleaf-extras-springsecurity
I am working in CodeIgniter and I am stucked in an unusual problem. I have some text in ckeditor and everything is working just fine. but when I try to save list
<ul>
<li>item one</li>
<li>item two</li>
</ul>
after submitting it says
FORBIDDEN
You don't have permission to access
/myproject/folder/controler/method/id on this server.
kindly spread some light why is it happening
i already installed template AdminLTE in my laravel app.
but i not totally understand how to direct my slidebar menu to direct page.
ex:
<li><i class='fa fa-calculator'></i> <span>Calculator</span></li>
Set in the href= url that you want redirect to.
<li><i class='fa fa-calculator'></i> <span>Calculator</span></li>