Springboot整合SpringSecurity遇到的坑
今天在使用springboot2.1.5整合SpringSecurity过程中,发现sec:这个标签输出的语句好像无效,查阅很多资料发现好像是版本问题,但网上仅说2.0.x版本前如何除了,最后通过修改SpringSecurity的版本和html名称空间解决问题.
1.环境
首先说一下我的环境:
Spingboot 2.1.5
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.15.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
自动导入了thymeleaf模块
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!--其中的版本是-->
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring5</artifactId>
<version>3.0.11.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-java8time</artifactId>
<version>3.0.4.RELEASE</version>
<scope>compile</scope>
</dependency>
自动导入security模块
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--其中的版本是-->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>5.1.16.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.1.11.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.1.11.RELEASE</version>
<scope>compile</scope>
</dependency>
2.遇到的问题
导入springsecurity4的名称空间,发现有自动补全,我以为我对了很开心
<!--如果没有认证-->
<div sec:authorize="!isAuthenticated()">
<h2 align="center">游客您好,如果想查看武林秘籍 <a th:href="@{/login}">请登录</a></h2>
</div>
<!--如果已经认证-->
<div sec:authorize="isAuthenticated()">
<h2 align="center"><span sec:authentication="name"></span>您好,您的角色有:
<span sec:authentication="principal.authorities"></span></h2>
<form th:action="@{/logout}" method="post">
<input type="submit" value="注销">
</form>
</div>
在导入名称空间以后,进入对应网页,却发现没有任何效果,所有标签体原样输出
想了下,应该是版本问题
3.解决问题
在查阅了很多答案后,发现大家调用的都是springsecurity4的名称空间
但事实上,查阅文档发现,2.1.x版本后已经改成springsecurity5的名称空间了
https://github.com/thymeleaf/thymeleaf-extras-springsecurity
**Status**
This is a *Thymeleaf Extras* module, not a part of the Thymeleaf core (and as such following its own versioning schema), but fully supported by the Thymeleaf team.
This repository contains 3 projects:
- **thymeleaf-extras-springsecurity3** for integration with Spring Security 3.x
- **thymeleaf-extras-springsecurity4** for integration with Spring Security 4.x
- **thymeleaf-extras-springsecurity5** for integration with Spring Security 5.x
Current versions:
- **Version 3.0.4.RELEASE** - for Thymeleaf 3.0 (requires Thymeleaf 3.0.10+)
- **Version 2.1.3.RELEASE** - for Thymeleaf 2.1 (requires Thymeleaf 2.1.2+)
**Requirements (3.0.x)**
- Thymeleaf **3.0.10+**
- Spring Framework version **3.0.x** to **5.1.x**
- Spring Security version **3.0.x** to **5.1.x**
- Web environment (Spring Security integration cannot work offline). Works with both Spring MVC and Spring WebFlux.
**Namespace**
The namespace for all versions of this dialect is http://www.thymeleaf.org/extras/spring-security.
<html xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
很明显,名称空间发生了变化
然后根据说明文档可以看出,SpringSecurity需要注入的依赖是springsecurity5
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
<version>3.0.4.RELEASE</version>
</dependency>
修改了名称空间后的html,Sec也有自动补全提示了
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1 align="center">欢迎光临武林秘籍管理系统</h1>
<!--如果没有认证-->
<div sec:authorize="!isAuthenticated()">
<h2 align="center">游客您好,如果想查看武林秘籍 <a th:href="@{/login}">请登录</a></h2>
</div>
<!--如果已经认证-->
<div sec:authorize="isAuthenticated()">
<h2 align="center"><span sec:authentication="name"></span>您好,您的角色有:
<span sec:authentication="principal.authorities"></span></h2>
<form th:action="@{/logout}" method="post">
<input type="submit" value="注销">
</form>
</div>
输出一切正常,sec:这样的模板引擎有用了
4.总结(springboot2.1.x以上)
1.注入依赖要更改
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
<version>3.0.4.RELEASE</version>
</dependency>
2.名称空间需要更改
<html xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
很高兴解决了问题,有问题可以在评论去讨论哈
参考源码文档:https://github.com/thymeleaf/thymeleaf-extras-springsecurity