Spring Security hasRole（）不起作用

本文介绍了Spring Security hasRole（）不起作用的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

使用Spring Security&& ;;时遇到问题Thymeleaf，特别是在尝试使用 hasRole 表达式。 'admin'用户有一个'ADMIN'角色，但是 hasRole（'ADMIN'）无论如何都会解析为false

I'm facing a problem when using Spring Security && Thymeleaf, specifically when trying to use the hasRole expression. The 'admin' user has a role 'ADMIN' but hasRole('ADMIN') resolves to false anyway I try it

我的HTML：

1.<div sec:authentication="name"></div> <!-- works fine --> 2.<div sec:authentication="principal.authorities"></div> <!-- works fine --> 3.<div sec:authorize="isAuthenticated()" >true</div> <!-- works fine --> 4.<span th:text="${#authorization.expression('isAuthenticated()')}"></span> <!-- works fine --> 5.<div th:text="${#vars.role_admin}"></div> <!--Works fine --> 6.<div sec:authorize="${hasRole('ADMIN')}" > IS ADMIN </div> <!-- Doesnt work --> 7.<div sec:authorize="${hasRole(#vars.role_admin)}" > IS ADMIN </div> <!-- Doesnt work --> 8.<div th:text="${#authorization.expression('hasRole(''ADMIN'')')} "></div> <!-- Doesnt work --> 9.<div th:text="${#authorization.expression('hasRole(#vars.role_admin)')}"></div> <!-- Doesnt work -->

结果为：

1.admin 2.[ADMIN] 3.true 4.true 5.ADMIN 6."prints nothing because hasRole('ADMIN') resolves to false" 7."prints nothing because hasRole(#vars.role_admin) resolves to false" 8.false 9.false

我在security.xml文件中启用了 use-expressions

I have enabled use-expressions in my security.xml file

<security:http auto-config="true" use-expressions="true">

还包括我的配置中的SpringSecurityDialect

And also included the SpringSecurityDialect in my config

<bean id="templateEngine" class="org.thymeleaf.spring4.SpringTemplateEngine"> <property name="templateResolver" ref="templateResolver" /> <property name="additionalDialects"> <set> <bean class="org.thymeleaf.extras.springsecurity4.dialect.SpringSecurityDialect" /> </set> </property> </bean>

我的pom.xml文件中所有必需的依赖项

All the necessary dependencies in my pom.xml file

<!--Spring security--> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>4.0.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>4.0.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>4.0.1.RELEASE</version> </dependency> <!--Thymeleaf Spring Security--> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity4</artifactId> <version>2.1.2.RELEASE</version> <scope>compile</scope> </dependency>

Role.java

Role.java

@Entity @Table(name = "roles") public class Role implements Serializable { @Id @Enumerated(EnumType.STRING) private RoleType name; //... getters, setters }

RoleType

public enum RoleType { ADMIN }

和用户有一套角色 s

为什么 hasRole（）无效？

感谢您的帮助，谢谢

th：if =$ {＃strings.contains（＃authentication.principal.authorities，'ADMIN'）}

推荐答案

尝试使用 hasAuthority 而不是 hasRole 在HTML标签内。

Try use hasAuthority instead hasRole inside HTML-tag.

sec:authorize="hasAuthority('ADMIN')"