springsecurityspring-securitythymeleafdialect

Spring Security Dialect sec:authorize not parsed


I am building a small app using spring boot 2.1.0 and spring security. I am able to login and out using form authentication. However, the sec:authorize tag is not parsed or evaluated, the rendered html contains those attributes as-is.

<dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        <version>3.0.4.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>nz.net.ultraq.thymeleaf</groupId>
        <artifactId>thymeleaf-layout-dialect</artifactId>
        </dependency>

Can't figure out what am i missing


Solution

  • Without much information given, there could be a few things that might not be set correctly. Anyways, this issue tend to always resolve by adding missing dependencies or changing the ones you are using. So, first, try changing to springsecurity5. And add the folowing @Bean.

    Configuration

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.thymeleaf.extras.springsecurity5.dialect.SpringSecurityDialect;
    
    @Configuration
    public class LeafConfig {
    
        @Bean
        public SpringSecurityDialect springSecurityDialect(){
            return new SpringSecurityDialect();
        }
    
    }
    

    POM

    <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
            <version>3.0.4.RELEASE</version>
    </dependency>
    

    Also, if you are using <artifactId>spring-boot-starter-parent</artifactId>, don't add any version to your Thymeleaf Extras, let Spring Boot manage that for you.