sec:authorize dynamic syntax

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

sec:authorize dynamic syntax

kyrpav
I want to use sec:authorize for specific division but i can not find the proper syntax

i am using the next

sec:authorize="hasAuthority('theAuthority')"
The Authority should change automatically and it is created by three parts where the middle is the dynamic. So example of authority is :

part1 is static : text1|
part2 is dynamic: ${object}
part3 is static: |text3
So i have tried:

sec:authorize="hasAuthority('text1|${object}|text3')"
sec:authorize="hasAuthority('text1|'+${object}+'|text3')"
sec:authorize="hasAuthority('text1|'& ${object} & '|text3')"
What is the proper syntax
Reply | Threaded
Open this post in threaded view
|

Re: sec:authorize dynamic syntax

mkobel
I once had a similar issue.

I want a list of links. One is based on the static role. The other links are only shown if the user has a role with the name identically to the database.

So my snippet might help you:


            <ul sec:authorize="isAuthenticated()">
                <li sec:authorize="hasAnyRole('ROLE_TYPEA','ROLE_TYPEB','ROLE_ADMIN')">
                    Edit Profile
                </li>
                <li th:each="db : ${databases}"
                    th:if="${#authorization.expression('hasAnyRole(''ROLE_'+db.name()+''',''ROLE_ADMIN'')')}">
                    Calllog
                </li>               
            </ul>
Reply | Threaded
Open this post in threaded view
|

Re: sec:authorize dynamic syntax

kyrpav
I try to use

th:if="${#authorization.expression('hasAuthority(''text1''+''+${object.code}+''+''text2'')')}


it does not give error but it also probably does not translate the object so i do not see the div.
Reply | Threaded
Open this post in threaded view
|

Re: sec:authorize dynamic syntax

kyrpav
It works like this:

th:if="${#authorization.expression('hasAuthority(''text1'+object.code+'text2'')')}"