将 Spring Boot 1.5 升级到 2 <sec:authorize> 不起作用

Posted

技术标签:

【中文标题】将 Spring Boot 1.5 升级到 2 <sec:authorize> 不起作用【英文标题】:Upgrading Spring Boot 1.5 to 2 <sec:authorize> not working 【发布时间】:2019-05-30 07:39:45 【问题描述】:

我一直在升级我的应用程序以使用 spring boot 2,但我的视图没有正确呈现。他们应该隐藏的内容不再有效。我的方法和页面仍然得到妥善保护,因此呈现页面似乎是个问题。此外,isAuthenticated 和 isAnonymous 也不起作用。

我已经尝试将我的安全标签更改为 xmlns:sec="http://www.thymeleaf.org/extras/spring-security" 从 xmlns:sec="http://www.thymeleaf.org /thymeleaf-extras-springsecurity4"

安全配置

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter 

@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;

@Autowired
private DataSource dataSource;

@Autowired
private CustomAccessDenied accessDeniedHandler;

@Value("$spring.queries.users-query")
private String usersQuery;

@Value("$spring.queries.roles-query")
private String rolesQuery;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception 
    auth.jdbcAuthentication().usersByUsernameQuery(usersQuery).authoritiesByUsernameQuery(rolesQuery).dataSource(dataSource).passwordEncoder(bCryptPasswordEncoder);


@Override
protected void configure(HttpSecurity http) throws Exception 

    http.csrf().disable()
            .authorizeRequests()
                .antMatchers("/" , "/home").permitAll()
                .antMatchers("/admin/**").hasAnyRole("ADMIN, OWNER")
                .antMatchers("/register/**").hasAnyRole("ADMIN, CASHIER")
                .antMatchers("/staff/**").authenticated()
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                    .invalidateHttpSession(true)
                    .clearAuthentication(true)
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                    .logoutSuccessUrl("/")
                    .permitAll()
                .and()
                .headers()
                .frameOptions().disable()
                .and()
                .exceptionHandling()
                    .accessDeniedHandler(accessDeniedHandler);


@Override
public void configure(WebSecurity web) throws Exception 
    web.ignoring().antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/pics/**", "/fonts/**");


html 页面

    <!DOCTYPE HTML>
    <html xmlns="http://www.w3.org/1999/xhtml" 
    xmlns:th="http://www.thymeleaf.org" 
    xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
    <head>
    <title>Home</title>
    <div th:replace="fragments/css"></div>

    </head>
    <body>
    <div th:replace="fragments/header"></div>
    <main>
    <div class="scale-transition scale-out" sec:authorize="isAnonymous()">
        <!-- USER NOT LOGGED IN MENU -->
        <div class="row" style="margin-top: 25px">
            <div class="col s12 m8 offset-m2">
                <form id="idcards">
                            <h1 class="center-align">SWIPE YOUR CARD TO LOGIN</h1>
               <h4 class="center-align">TAP GREY BOX IF NOT WORKING</h4>
                    <input class="center-align grey lighten-3" style="height: 100px; font-size: 60px" id="cardData" type='password' value='' autofocus>
                    <input class="hide" type="button" value="Fill fields" id="filler2" onClick="fillValuesInTextBoxes()">
                </form>
            </div>
            <div class="row">
                <div class="col s12 m8 offset-m2" style="margin-top: 50px">
                    <h3 class="center-align" style="text-decoration: underline;">ANNOUNCEMENTS</h3>
                    <div>
                        <div class="card-panel col s12 m4" th:each="announcementsList: $announcementsList">
                            <p class="col s12 m10 offset-m1" th:text="$announcementsList.text"></p>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>

    </main>
    <div th:replace="fragments/footer"></div>
</body>
</html>

依赖关系

 <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.0.RELEASE</version>
    <relativePath /> <!-- lookup parent from repository -->
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-webflux</artifactId>
    </dependency>

    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.webflow</groupId>
        <artifactId>spring-webflow</artifactId>
        <version>2.4.4.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>com.google.guava</groupId>
        <artifactId>guava</artifactId>
        <version>27.0.1-jre</version>
    </dependency>
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-jpamodelgen</artifactId>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        <version>3.0.4.RELEASE</version>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
        <plugin>
            <artifactId>maven-compiler-plugin</artifactId>
            <configuration>
                <source>1.6</source>
                <target>1.6</target>
                <compilerArgument>-proc:none</compilerArgument>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.bsc.maven</groupId>
            <artifactId>maven-processor-plugin</artifactId>
            <executions>
                <execution>
                    <id>process</id>
                    <goals>
                        <goal>process</goal>
                    </goals>
                    <phase>generate-sources</phase>
                    <configuration>
                        <!-- source output directory -->
                        <outputDirectory>target/metamodel</outputDirectory>
                    </configuration>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>build-helper-maven-plugin</artifactId>
            <executions>
                <execution>
                    <id>add-source</id>
                    <phase>generate-sources</phase>
                    <goals>
                        <goal>add-source</goal>
                    </goals>
                    <configuration>
                        <sources>
                            <source>target/metamodel</source>
                        </sources>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

【问题讨论】:

【参考方案1】:

这个问题总是倾向于通过添加缺少的依赖项或更改您正在使用的依赖项来解决。因此,首先,尝试将 POM 的依赖项更改为 springsecurity5。如果这不起作用,请尝试添加以下@Bean

配置

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.thymeleaf.extras.springsecurity5.dialect.SpringSecurityDialect;

@Configuration
public class LeafConfig 

    @Bean
    public SpringSecurityDialect springSecurityDialect()
        return new SpringSecurityDialect();
    


POM

<dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>

由于您使用的是&lt;artifactId&gt;spring-boot-starter-parent&lt;/artifactId&gt;,因此不要将任何版本添加到您的 Thymeleaf Extras,让 Spring Boot 为您管理。

【讨论】:

在你回答我的时候找到了答案 很高兴您能解决您的问题。 :) 感谢您的标记。【参考方案2】:

替换了这个

<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    <version>3.0.4.RELEASE</version>
</dependency>

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>

【讨论】:

以上是关于将 Spring Boot 1.5 升级到 2 <sec:authorize> 不起作用的主要内容,如果未能解决你的问题,请参考以下文章

从Spring Boot 1.5升级到2.0

多模块 Gradle 项目 - 从 Spring-Boot 1.5 迁移到 2.1

从 Spring Boot 1.5 升级时为 Spring Boot 2.0 acuator 框架配置安全性

升级到 Spring Boot 2 后,如何向 prometheus 公开缓存指标?

雪球 Spring Boot 2.0 升级经验谈

Spring Boot 2.0干货系列:Spring Boot1.5X升级到2.0指南