I am trying to get my web Application to work again with the new Spring Boot version 1.3.5, but the thymeleaf dialect does not seem to work any longer.
I added
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
to my .pom and even registered a bean in my security configuration:
@Bean
public SpringSecurityDialect springSecurityDialect(){
SpringSecurityDialect dialect = new SpringSecurityDialect();
return dialect;
}
(although I would assume spring boot would do that for me anyway). Wen using expressions like, e. g.
<li sec:authorize="hasRole('SITE_ADMIN') || hasRole('TENANT_ADMIN')">Admin
</li>
the expression will not be rendered, as the role seems to be null although I can inject my custom User element into the controller:
@RequestMapping(value="/", method=RequestMethod.GET)
public String homePage(@AuthenticationPrincipal VZUser user, Model model){
model.addAttribute("email", user.getEmail());
return "home/index";
}
From debugging, I see the Principal object injected is not null, but the template does not seem to be able to parse the sec: objects. I deleted the xmlns namespace and reinserted it without effect. And the documentation on this feature is quite frankly appalling. Anything I miss?
Oh yeah. The same code (without the new dependency and with the namespace declaration in the xhtml template) worked in Spring Boot 1.3.2...
UPDATE
I think it has to do with the fact that I use a custom UserDetailsService. I have no problems with the in memory service. however, My custom User implementation just has the following:
@Override
public Collection<? extends GrantedAuthority> getAuthorities(){
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for(VZUserRoles role: roles){
authorities.add(new SimpleGrantedAuthority(role.name()));
}
return authorities;
}
I define an elementary UserDetails Service and put it int the AuthenticationMAnagerBuilder. Authentication works fine, it just does not seem to get passed along to the view.