Spring 当从控制器加载模板时,Thymeleaf再次尝试进行身份验证
我想使用Thymeleaf从控制器渲染导航视图。但是,导航应该基于用户的权限,所以我不想将其从Spring安全性中排除。因此,我使用UrlTemplateResolver:Spring 当从控制器加载模板时,Thymeleaf再次尝试进行身份验证,spring,spring-mvc,spring-security,spring-boot,thymeleaf,Spring,Spring Mvc,Spring Security,Spring Boot,Thymeleaf,我想使用Thymeleaf从控制器渲染导航视图。但是,导航应该基于用户的权限,所以我不想将其从Spring安全性中排除。因此,我使用UrlTemplateResolver: package it.vertyze.platform.web.controllers; import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; import org.spr
package it.vertyze.platform.web.controllers;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.thymeleaf.spring4.SpringTemplateEngine;
import org.thymeleaf.templateresolver.UrlTemplateResolver;
@Configuration
public class VZMVCConfig extends WebMvcConfigurerAdapter {
@Autowired
private SpringTemplateEngine templateEngine;
@PostConstruct
public void templateResolverExtension(){
UrlTemplateResolver urlTemplateResolver = new UrlTemplateResolver();
urlTemplateResolver.setOrder(20);
templateEngine.addTemplateResolver(urlTemplateResolver);
}
}
然而,当我登录到我的网站,链接甚至没有得到解决。相反,我被重定向到登录页面。当我禁用安全性时,我会得到一个模板未找到错误,因此模板解析器不会呈现控制器的输出,但当我导航到它时,它会精确呈现我想要的HTML。
这是我的安全配置:
package it.vertyze.platform.web.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableWebMvcSecurity
public class VZWebSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
VZUserDetailsService userDetailsService;
@Autowired
public void configure(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public PasswordEncoder encoder(){
return new BCryptPasswordEncoder();
}
}
这里是我调用封闭模板中的链接的地方:
<div th:replace="${topNavLinks.getHref()}"></div>