7

I am creating a website using Spring Boot for the first time. I am using a test page to show that once the user has logged in, the words, "Authenticated" to appear on the screen when the user has logged in.

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
    <meta charset="utf-8"/>
    <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
    <meta name="viewport" content="width=device-width, initial-scale=1"/>
</head>
<body>
<h2>Thymleaf example</h2>
<p sec:authorize="hasRole('ROLE_USER')">
    Authenticated
</p>
</body>
</html>

However, problem is that the tag with the sec:authorize remains unedited and unparsed. As a result, the Authenticated word appears regardless of whether a user logged in or not. Printing the user's authorities from controller confirms this.

my pom.xml file has the following dependencies. 

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    ... dependencies for mysql and jdbc are omitted.

Any help is appreciated. Note, I am using Spring Boot, so JAVA configurations are preferred over XML configurations.

Improve this question

4 Answers 4

Reset to default
8

Please try adding something like the following code to your @Configuration(or @SpringBootApplication) class:

@Bean
public SpringTemplateEngine templateEngine(ITemplateResolver templateResolver, SpringSecurityDialect sec) {
    final SpringTemplateEngine templateEngine = new SpringTemplateEngine();
    templateEngine.setTemplateResolver(templateResolver);
    templateEngine.addDialect(sec); // Enable use of "sec"
    return templateEngine;
}

Note that if you are forcing Spring Boot to use Thymeleaf version 3, you have to force also the version 3 of the thymeleaf-extras-springsecurity4 dependency:

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    <version>3.0.1.RELEASE</version>
</dependency>

See also this related answer.

Improve this answer
6
  • Error on the addDialect function. Exception in thread "main" java.lang.NoClassDefFoundError: org/thymeleaf/dialect/IExpressionEnhancingDialect and Caused by: java.lang.ClassNotFoundException: org.thymeleaf.dialect.IExpressionEnhancingDialect
    – needoriginalname
    Commented Jan 17, 2017 at 5:53
  • Which version of Thymeleaf are you using? It seems that you don't have the thymeleaf jar in your classpath! Please make sure you have the following lines in your pom.xml and clean your Maven project: <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency>
    – Robert Hume
    Commented Jan 17, 2017 at 6:01
  • 1
    Thymeleaf verison 3.0.2 with the thymeleaf layout dialect being 2.1.1. The dependency tag you types was already in. Other parts of the site I am working on that just use the "th" prefix work fine. It just seems to be thymeleaf-extra-springsecurity tags that are being an issue. Here is a Pastebin for my entire pom.xml file if you need to see it: pastebin.com/TpteH3X4
    – needoriginalname
    Commented Jan 17, 2017 at 6:15
  • Ok, you are forcing Thymeleaf version 3.0.2, so try to add this version tag to your thymeleaf-extras-springsecurity4 dependency: <version>3.0.1.RELEASE</version> (latest version at this moment).
    – Robert Hume
    Commented Jan 17, 2017 at 7:33
  • 1
    Ok, got it working. I just simply stopped forcing the version, had to modify my html template files a bit because of some syntax changes. Thanks for the help.
    – needoriginalname
    Commented Jan 17, 2017 at 14:39
0

Please use thymeleaf-extras-springsecurity4(version is 2.1.3.RELEASE),when your thymeleaf version is 2.1.x.Otherwise hasRole in the page of thymeleaf template will not work.

Improve this answer
0

Which version of Spring Boot are you using?

If it's 2.2.7.RELEASE, then you need Thymeleaf extras for Spring Security 5:

     <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
        <version>3.0.4.RELEASE</version>
    </dependency>

And no extra configuration should be needed.

Improve this answer
-1

1) Please add following into your prom.xml file within the tag to resolve java.lang.ClassNotFoundException: org.thymeleaf.dom.Attribute Exeption.

<thymeleaf-layout-dialect.version>2.2.1</thymeleaf-layout-dialect.version>

2) Add mentioned in the last post, add the following bean into your WebSecurityConfig class which extends WebSecurityConfigurerAdapter

@Bean
public SpringTemplateEngine templateEngine(ITemplateResolver templateResolver, SpringSecurityDialect sec) {
    final SpringTemplateEngine templateEngine = new SpringTemplateEngine();
    templateEngine.setTemplateResolver(templateResolver);
    templateEngine.addDialect(sec); // Enable use of "sec"
    return templateEngine;
}

3) Add following dependency, please note about the version, you need to force 3.0.1.RELEASE version

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    <version>3.0.1.RELEASE</version>
</dependency>
Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.