gpt4 book ai didi

java - Thymeleaf:sec:authentication 在任何情况下都会显示,而 sec:authorize 在任何情况下都不会出现

转载 作者:行者123 更新时间:2023-12-02 01:53:11 30 4
gpt4 key购买 nike

每个<div>sec:authentication="..."无论是否登录都会显示。甚至是明确的false导致div出现。

另一边<div>sec:authorize="..."即使有明确的 true 也是隐藏的.

我尝试在 ServletContextConfig 中检查 Maven 依赖项、Spring MVC 配置、Spring Security Dialect和许多其他答案,但没有解决方案适合我的情况。

index.html:

<!DOCTYPE html>
<html
xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
<meta charset="UTF-8"/>
<title>blah blah</title>
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" rel="stylesheet"/>
</head>

<body style="text-align: center;">

<div sec:authentication="true">
authentication - always
</div>

<div sec:authentication="false">
authentication - never
</div>

<div class="container" sec:authentication="isAnonymous()">
authentication - anonymous
</div>

<div class="container" sec:authentication="!isAnonymous()">
authentication - not anonymous
</div>

<div class="container" sec:authentication="isAuthenticated()">
authentication - authenticated
</div>

<div class="container" sec:authentication="!isAuthenticated()">
authentication - not authenticated
</div>

<div sec:authorize="true">
authorize - always
</div>

<div sec:authorize="false">
authorize - never
</div>

<div class="container" sec:authorize="isAnonymous()">
authorize - anonymous
</div>

<div class="container" sec:authorize="!isAnonymous()">
authorize - not anonymous
</div>

<div class="container" sec:authorize="isAuthenticated()">
authorize - authenticated
</div>

<div class="container" sec:authorize="!isAuthenticated()">
authorize - not authenticated
</div>


<strong> Username: <span sec:authentication="name"></span> </strong>
<div th:text="${#authorization.getAuthentication()}">1</div>
<div th:text="${40}">1</div>




<!-- end of content! -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js"></script>
</body>
</html>

预期结果(未登录时):

authentication - always

authentication - anonymous

authentication - not authenticated

authorize - always

authorize - anonymous

authorize - not authenticated

Username: Anonymous

40

实际结果:

authentication - always

authentication - never

authentication - anonymous

authentication - not anonymous

authentication - authenticated

authentication - not authenticated

Username:

40

最佳答案

随着挖掘越来越多的解决方案,我找到了一个适合我的解决方案:

  1. SecurityConfig.configure() 处不得有类似 web.ignoring().antMatchers("/"); 的内容。
    IE。您要应用“授权过滤器”的页面不得设置为安全忽略。
  2. index.html 中使用 sec:authorize,而不是 sec:authentication(这会导致错误)。

工作index.html:

<!DOCTYPE html>
<html
xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
<meta charset="UTF-8"/>
<title>bla bla bla</title>
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" rel="stylesheet"/>
</head>

<body style="text-align: center;">

<div sec:authorize="true">
authorize - always
</div>

<div sec:authorize="false">
authorize - never
</div>

<div class="container" sec:authorize="isAnonymous()">
authorize - anonymous
</div>

<div class="container" sec:authorize="!isAnonymous()">
authorize - not anonymous
</div>

<div class="container" sec:authorize="isAuthenticated()">
authorize - authenticated
</div>

<div class="container" sec:authorize="!isAuthenticated()">
authorize - not authenticated
</div>

<strong> Username: <span sec:authentication="name"></span> </strong>
<div th:text="${#authorization.getAuthentication()}">1</div>
<div th:text="${40}">1</div>

<!-- end of content! -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js"></script>
</body>
</html>

结果:(登录时)

authorize - always

authorize - not anonymous

authorize - authenticated

Username: test2

org.springframework.security.authentication.UsernamePasswordAuthenticationToken@00000000: Principal: ....

40

(未登录时)

authorize - always

authorize - anonymous

authorize - not authenticated

Username: anonymousUser

org.springframework.security.authentication.UsernamePasswordAuthenticationToken@00000000: Principal: ....

40

关于java - Thymeleaf:sec:authentication 在任何情况下都会显示,而 sec:authorize 在任何情况下都不会出现,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52683357/

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com