代码之家 › 专栏 › 技术社区 › Marios

将Spring Boot 1.5升级到2<sec:authorize>不工作

thymeleaf spring-security spring-boot spring

Marios · 技术社区 · 6 年前

我一直在升级我的应用程序以使用SpringBoot2,我的视图没有正确呈现。应该用隐藏的内容不再有效。我的方法和页面仍然得到了正确的保护,因此呈现页面似乎有问题。而且,我是真实的,我也不工作。

我尝试将更改为,并将安全标记更改为xmlns:sec=“http://www.thymeleaf.org/extras/spring-security”,从xmlns:sec=“http://www.thymeleaf.org/thymeleaf-extras-springsecurity4”

安全配置

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;

@Autowired
private DataSource dataSource;

@Autowired
private CustomAccessDenied accessDeniedHandler;

@Value("${spring.queries.users-query}")
private String usersQuery;

@Value("${spring.queries.roles-query}")
private String rolesQuery;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication().usersByUsernameQuery(usersQuery).authoritiesByUsernameQuery(rolesQuery).dataSource(dataSource).passwordEncoder(bCryptPasswordEncoder);
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.csrf().disable()
            .authorizeRequests()
                .antMatchers("/" , "/home").permitAll()
                .antMatchers("/admin/**").hasAnyRole("ADMIN, OWNER")
                .antMatchers("/register/**").hasAnyRole("ADMIN, CASHIER")
                .antMatchers("/staff/**").authenticated()
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                    .invalidateHttpSession(true)
                    .clearAuthentication(true)
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                    .logoutSuccessUrl("/")
                    .permitAll()
                .and()
                .headers()
                .frameOptions().disable()
                .and()
                .exceptionHandling()
                    .accessDeniedHandler(accessDeniedHandler);
}

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/pics/**", "/fonts/**");
}
}

HTML页面

    <!DOCTYPE HTML>
    <html xmlns="http://www.w3.org/1999/xhtml" 
    xmlns:th="http://www.thymeleaf.org" 
    xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
    <head>
    <title>Home</title>
    <div th:replace="fragments/css"></div>

    </head>
    <body>
    <div th:replace="fragments/header"></div>
    <main>
    <div class="scale-transition scale-out" sec:authorize="isAnonymous()">
        <!-- USER NOT LOGGED IN MENU -->
        <div class="row" style="margin-top: 25px">
            <div class="col s12 m8 offset-m2">
                <form id="idcards">
                            <h1 class="center-align">SWIPE YOUR CARD TO LOGIN</h1>
               <h4 class="center-align">TAP GREY BOX IF NOT WORKING</h4>
                    <input class="center-align grey lighten-3" style="height: 100px; font-size: 60px" id="cardData" type='password' value='' autofocus>
                    <input class="hide" type="button" value="Fill fields" id="filler2" onClick="fillValuesInTextBoxes()">
                </form>
            </div>
            <div class="row">
                <div class="col s12 m8 offset-m2" style="margin-top: 50px">
                    <h3 class="center-align" style="text-decoration: underline;">ANNOUNCEMENTS</h3>
                    <div>
                        <div class="card-panel col s12 m4" th:each="announcementsList: ${announcementsList}">
                            <p class="col s12 m10 offset-m1" th:text="${announcementsList.text}"></p>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>

    </main>
    <div th:replace="fragments/footer"></div>
</body>
</html>

依赖关系

 <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.0.RELEASE</version>
    <relativePath /> <!-- lookup parent from repository -->
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-webflux</artifactId>
    </dependency>

    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.webflow</groupId>
        <artifactId>spring-webflow</artifactId>
        <version>2.4.4.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>com.google.guava</groupId>
        <artifactId>guava</artifactId>
        <version>27.0.1-jre</version>
    </dependency>
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-jpamodelgen</artifactId>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        <version>3.0.4.RELEASE</version>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
        <plugin>
            <artifactId>maven-compiler-plugin</artifactId>
            <configuration>
                <source>1.6</source>
                <target>1.6</target>
                <compilerArgument>-proc:none</compilerArgument>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.bsc.maven</groupId>
            <artifactId>maven-processor-plugin</artifactId>
            <executions>
                <execution>
                    <id>process</id>
                    <goals>
                        <goal>process</goal>
                    </goals>
                    <phase>generate-sources</phase>
                    <configuration>
                        <!-- source output directory -->
                        <outputDirectory>target/metamodel</outputDirectory>
                    </configuration>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>build-helper-maven-plugin</artifactId>
            <executions>
                <execution>
                    <id>add-source</id>
                    <phase>generate-sources</phase>
                    <goals>
                        <goal>add-source</goal>
                    </goals>
                    <configuration>
                        <sources>
                            <source>target/metamodel</source>
                        </sources>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

2 回复 | 直到 6 年前

Alain Cruz 6 年前

这个问题总是倾向于通过添加缺少的依赖项或更改正在使用的依赖项来解决。因此,首先,尝试将POM的依赖项更改为 springsecurity5 . 如果不起作用,请尝试添加以下内容 @Bean .

配置

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.thymeleaf.extras.springsecurity5.dialect.SpringSecurityDialect;

@Configuration
public class LeafConfig {

    @Bean
    public SpringSecurityDialect springSecurityDialect(){
        return new SpringSecurityDialect();
    }

}

聚甲醛

<dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>

因为你在使用 <artifactId>spring-boot-starter-parent</artifactId> 不要给你的百里香附加版添加任何版本,让SpringBoot为你管理这个版本。

Marios 6 年前

替换这个

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    <version>3.0.4.RELEASE</version>
</dependency>

具有

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>