combining sec:authorize and layout:fragment

hgrimm

Hi,
I'm trying to set a layout:fragment conditionally, based on whether the user is authenticated.
The second layout:fragment is being used regardless of whether the user is logged in or not:

	<div sec:authorize="isAuthenticated()">
		<h1 layout:fragment="header" th:text="#{index.title}">Monitor</h1>
	</div>
	<div sec:authorize="!isAuthenticated()">
		<h1 layout:fragment="header" th:text="#{login.title}">Welcome</h1>
	</div>
Here is my spring configuration:
	<bean id="templateEngine" class="org.thymeleaf.spring3.SpringTemplateEngine">
		<property name="templateResolver" ref="templateResolver" />
		<property name="additionalDialects">
			<set>
				<bean class="org.thymeleaf.extras.springsecurity3.dialect.SpringSecurityDialect" />
				<bean class="nz.net.ultraq.web.thymeleaf.LayoutDialect" />
			</set>
		</property>
	</bean>
Can layout:fragment be combined with sec:authorize?

Thanks,
Holly

Re: combining sec:authorize and layout:fragment

Emanuel
Administrator
They should work together, but I think I see what's going on here: the layout dialect makes a single pass at the beginning of processing your templates, collecting all the fragments for later use.  Since you've got 2 fragments called "header", the second one overrides the first one, so is always used.

The way you're using it makes it a bug, so I'll raise an issue for it on the GitHub page to maybe think about solving it later.  In the meantime, an alternative solution for your case might be this:

<h1 layout:fragment="header" th:text="${#authorization.expression('isAuthenticated()')} ? #{index.title} : #{login.title}"></h1>

Re: combining sec:authorize and layout:fragment

sunil0791
Hi,

A user is always Authenticated and is always true.
Even if the user is not logged in, he is authenticated as an anonymousUser and Authenticated is set to true.

I would recommend using this:
	<div th:if="${#authorization.expression('hasRole(''ROLE_USER'')')}">
		<h1 layout:fragment="header" th:text="#{index.title}">Monitor</h1>
	</div>
	<div th:unless="${#authorization.expression('hasRole(''ROLE_USER'')')}">
		<h1 layout:fragment="header" th:text="#{login.title}">Welcome</h1>
	</div>
and make sure you have set use-expressions="true" in spring security configuration.

If you still face the same problem, then I think it would be a bug and you can go for an alternative, as Emanuel mentioned, until the bug is fixed. But use something like this:

<h1 layout:fragment="header" th:text="${#authorization.expression('hasRole(''ROLE_USER'')')} ? #{index.title} : #{login.title}"></h1>

Re: combining sec:authorize and layout:fragment

hgrimm

Thanks Emanuel, I will use the workaround.

Sunil, isAuthenticated() was working as expected. From spring security docs:

isAuthenticated()	Returns true if the user is not anonymous

Re: combining sec:authorize and layout:fragment

sunil0791
Hi hgrimm,
You were right about isAuthenticated; I thought it would return isAuthenticated of the Principal class.

Thanks for the reply
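
The distinction settled in the two posts above, as an added example that is not code from any poster in this thread: `Authentication.isAuthenticated()` on the token and the `isAuthenticated()` security expression give different answers for an anonymous visitor. It assumes spring-security-core on the classpath; the class name, the helper `expressionIsAuthenticated`, the key and the user names are constructed for illustration.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class IsAuthenticatedDemo {

    // The default trust resolver classifies AnonymousAuthenticationToken as anonymous.
    private static final AuthenticationTrustResolver RESOLVER =
            new AuthenticationTrustResolverImpl();

    // Hypothetical helper mirroring the expression isAuthenticated():
    // true only when a token exists and it is not an anonymous one.
    static boolean expressionIsAuthenticated(Authentication auth) {
        return auth != null && !RESOLVER.isAnonymous(auth);
    }

    static String describe(String label, Authentication auth) {
        return String.format("%-10s token.isAuthenticated()=%-5b expression isAuthenticated()=%b",
                label, auth.isAuthenticated(), expressionIsAuthenticated(auth));
    }

    public static void main(String[] args) {
        // Constructed sample tokens: what the anonymous filter installs for a
        // visitor who has not logged in, and a token for a logged-in user.
        Authentication anonymous = new AnonymousAuthenticationToken(
                "demo-key", "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
        Authentication loggedIn = new UsernamePasswordAuthenticationToken(
                "holly", "n/a",
                AuthorityUtils.createAuthorityList("ROLE_USER"));

        // The anonymous token itself reports authenticated; only the
        // expression-level check separates the two visitors.
        System.out.println(describe("anonymous", anonymous));
        System.out.println(describe("loggedIn", loggedIn));
    }
}
```

Code that gates content on the token's own `isAuthenticated()` therefore lets anonymous visitors through, while the `sec:authorize="isAuthenticated()"` and `#authorization.expression('isAuthenticated()')` forms used in this thread do not.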

Re: combining sec:authorize and layout:fragment

irfan
In reply to this post by sunil0791
I'm banging my hand on the floor, but this error pisses me off.

I got "An error happened during template parsing (template: "ServletContext resource [/WEB-INF/jsp/home.html]")" when I use
"<div th:if="${#authorization.expression('hasRole(''ROLE_Agent'')')}">". Please help me.

Re: combining sec:authorize and layout:fragment

Reiju
sec:authorize="hasRole('ROLE_NAME')"

or

th:if="${#request.isUserInRole('NAME')}"