我的 Spring Boot 项目在使用 Spring Security 和 Thymeleaf 时遇到问题。在 Thymeleaf 文件中,安全变量 ${#authentication} 始终为 null。另外,添加
sec:身份验证=“isAnonymous()”
或
sec:身份验证=“isAuthenticated()”
thymeleaf 中的 html 元素不会改变任何内容,并且具有这些属性的元素在注销和登录时始终可见。
我知道控制器在验证用户身份时没有问题,因为在下面的 HomeController.java 中,我通过 SecurityContextHolder 从当前登录的用户获取变量后将变量传递给模型。我在 Thymeleaf 中用 ${name} 打印它,它按预期打印。 这也是我知道我是否已登录或注销的方式,并且我知道登录有效并且用户可以通过控制器进行身份验证。
因此控制器对登录用户进行身份验证没有问题,但 Thymeleaf 却做不到。
也许值得一提的是,我的 Thymeleaf html 文件位于 resources/templates 路径中。
任何帮助将不胜感激。 预先感谢您。
SecurityConfig.java:
@Configuration
@EnableWebSecurity
public class SecurityConfig{
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.formLogin(form -> form.loginPage("/login"));
return http.build();
}
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
}
HomeController.java:
@Controller
public class HomeController {
@GetMapping("/")
public String hello(Model model){
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
model.addAttribute("name",authentication.getName());
return "test/home";
}
}
home.html:
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
<head>
<title>Home</title>
</head>
<body>
<div>
<span th:text="${#authentication == null ? 'authentNull' : 'authentNotNull'}"></span>
<span th:text="${#authorization == null ? 'authNull' : 'authNotNull'}"></span>
<span sec:authentication="isAnonymous()" th:text="${'anonymous'}">anonymous</span>
<span sec:authentication="isAuthenticated()" th:text="${'authenticated'}">authenticated</span>
<h1 th:text="${name}"></h1>
</div>
</body>
</html>
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.2</version>
<relativePath/>
</parent>
<groupId>pl.edziennik</groupId>
<artifactId>edziennik</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>edziennik</name>
<description>E-dziennik</description>
<properties>
<java.version>17</java.version>
<spring.version>5.3.10.RELEASE</spring.version>
</properties>
<dependencies>
<dependency>
<groupId>org.hibernate.javax.persistence</groupId>
<artifactId>hibernate-jpa-2.1-api</artifactId>
<version>1.0.2.Final</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.26</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
<version>3.0.4</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
<version>3.1.2</version>
</dependency>
<dependency>
<groupId>nz.net.ultraq.thymeleaf</groupId>
<artifactId>thymeleaf-layout-dialect</artifactId>
<version>3.2.1</version>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
<version>3.1.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
Thymeleaf 的输出(admin 是登录用户的用户名):
authentNull authNull anonymous authenticated
admin
我尝试更改这些文件中的许多内容,尤其是 pom.xml,但没有一个起作用。 例如,我尝试切换到 thymeleaf-extras-springsecurity4。另外,我尝试更改 html 文件中标记中的链接。还有我在 stackoverflow 上发现的许多其他东西。它们都不起作用。
问题是 thymeleaf-extras-springsecurity5 相对于我的项目版本已被弃用。我需要使用 thymeleaf-extras-springsecurity6 来代替。
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity6</artifactId>
<version>3.1.1.RELEASE</version>
</dependency>