spring html 的安全标签
spring security tags for html
我试图根据登录的角色隐藏不同的 html 内容。
我设置命名空间:
<html lang="en" xmlns:security="http://www.springframework.org/security/tags" xmlns:th="http://www.springframework.org/schema/mvc">
然后我尝试了这样的事情:
<security:authorize access="hasRole('ADMIN')">
<li><a href="/users">User Management</a></li>
</security:authorize>
但是我收到此错误消息:
[THYMELEAF][http-nio-8080-exec-6] Fatal error during parsing
org.xml.sax.SAXParseException: The content of elements must consist of
well-formed character data or markup.
谢谢!
编辑:
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.springframework.org/schema/mvc" xmlns:security="http://www.springframework.org/security/tags">
<head>
<meta charset="UTF-8"/>
<title>Title</title>
</head>
<body>
<div th:fragment="navbar">
<nav class="navbar navbar-default">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/"><label id="label-mhealth">mHealth Store</label></a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
< class="nav navbar-nav">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Product Management <span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="/products">Product List</a></li>
</ul>
</li>
<security:authorize access="hasRole('ADMIN')">
<li><a href="/users">User Management</a></li>
</security:authorize>
</div><!-- /.navbar-collapse -->
</div><!-- /.container-fluid -->
</nav>
</div>
</body>
</html>
您正在将 Spring 安全 JSP 标签与 Thymeleaf 混合使用。
替换下面一个
<security:authorize access="hasRole('ADMIN')">
<li><a href="/users">User Management</a></li>
</security:authorize>
用这个
<div sec:authorize="hasRole('ROLE_ADMIN')">
<li><a href="/users">User Management</a></li>
</div>
如果您还没有添加 thymeleaf th:sec 命名空间。
在此处查看 Thymeleaf Spring Security Integration(查找 Spring 安全方言)
我试图根据登录的角色隐藏不同的 html 内容。 我设置命名空间:
<html lang="en" xmlns:security="http://www.springframework.org/security/tags" xmlns:th="http://www.springframework.org/schema/mvc">
然后我尝试了这样的事情:
<security:authorize access="hasRole('ADMIN')">
<li><a href="/users">User Management</a></li>
</security:authorize>
但是我收到此错误消息:
[THYMELEAF][http-nio-8080-exec-6] Fatal error during parsing
org.xml.sax.SAXParseException: The content of elements must consist of
well-formed character data or markup.
谢谢!
编辑:
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.springframework.org/schema/mvc" xmlns:security="http://www.springframework.org/security/tags">
<head>
<meta charset="UTF-8"/>
<title>Title</title>
</head>
<body>
<div th:fragment="navbar">
<nav class="navbar navbar-default">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/"><label id="label-mhealth">mHealth Store</label></a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
< class="nav navbar-nav">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Product Management <span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="/products">Product List</a></li>
</ul>
</li>
<security:authorize access="hasRole('ADMIN')">
<li><a href="/users">User Management</a></li>
</security:authorize>
</div><!-- /.navbar-collapse -->
</div><!-- /.container-fluid -->
</nav>
</div>
</body>
</html>
您正在将 Spring 安全 JSP 标签与 Thymeleaf 混合使用。 替换下面一个
<security:authorize access="hasRole('ADMIN')">
<li><a href="/users">User Management</a></li>
</security:authorize>
用这个
<div sec:authorize="hasRole('ROLE_ADMIN')">
<li><a href="/users">User Management</a></li>
</div>
如果您还没有添加 thymeleaf th:sec 命名空间。
在此处查看 Thymeleaf Spring Security Integration(查找 Spring 安全方言)