根据用户角色隐藏某些侧边栏按钮?

vx6bjr1n  于 2021-07-26  发布在  Java
关注(0)|答案(4)|浏览(324)

我想知道如何让不同的角色看到特定的侧栏按钮根据他们的角色使用springboot5我有管理员和用户,我的管理员应该能够看到“管理人”按钮上的侧栏,而正常用户不会看到任何东西在侧栏。
侧边栏.html

<security:authorize access="hasAuthority('ROLE_ADMIN')">
    <li class="nav-item"><a class="nav-link collapsed"
        href="#" 
            data-toggle="collapse" data-target="#collapseMenu" aria-expanded="true"
            aria-controls="collapseMU"> </i>
                <span> <b>Manage People</b>
            </span>
        </a></li>
        <!-- sub-menu -->
        <div id="collapseMenu" class="collapse">
            <li class="nav-item"><a class="nav-link collapsed" href="#"
                data-toggle="collapse" data-target="#collapseGroup"
                aria-expanded="true" aria-controls="collapseGroup"></i> 
                <span>Show User Group</span>
            </a>
        </div>
     </security:authorize>

secconfig.java(部分)

protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().and().authorizeRequests().antMatchers("/").permitAll()
        antMatchers("/landing")
        .access("(hasAnyRole('ADMIN')
        .anyRequest()
        .authenticated()
        .and()
        .formLogin()
        .loginPage("/")
        .successHandler(loginSuccessHandler())
        .failureHandler(loginFailedHandler())
        .permitAll().and().logout().permitAll();
}

我试着添加 <security:authorize access="hasAuthority('ADMIN')"> 进入sidebar.html,但用户页面仍然可以看到侧栏上的“管理人员”按钮。我做错什么了吗?我是新来的。谢谢:3

rdrgkggo

rdrgkggo1#

如果您使用的是thymeleaf引擎,那么spring安全模块集成了“sec”方言。以下是详细信息
从链接:
这个sec:authorize attribute 当属性表达式的计算结果为true时呈现其内容:

<div sec:authorize="isAuthenticated()">
  This content is only shown to authenticated users.
</div>
<div sec:authorize="hasRole('ROLE_ADMIN')">
  This content is only shown to administrators.
</div>
<div sec:authorize="hasRole('ROLE_USER')">
  This content is only shown to users.
</div>

请记住,在使用之前,您需要在根标记中包含thymeleaf安全命名空间:

xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"
6ioyuze2

6ioyuze22#

这个sec:authorize attribute 当属性表达式的计算结果为true时呈现其内容:

<div sec:authorize="isAuthenticated()"> 

 <!-- The Content under this is visible when the user is login with any ROLE -->
    </div>

    <div sec:authorize="hasRole('ROLE_ADMIN')">

  <!-- The content under this is visible when login user is ADMIN-->

    </div>

    <div sec:authorize="hasRole('ROLE_USER')">

   <!-- The content under this is visible when login user has role 'USER' -->

    </div>
o4hqfura

o4hqfura3#

确保将此添加到您的thymeleaf标签中

xmlns:security="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5"

另外,在pom.xml文件中添加以下依赖项:

<dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
    </dependency>
ws51t4hk

ws51t4hk4#

首先,检查用户是否经过身份验证,然后检查其角色是否为admin,然后显示内容,即

<div sec:authorize="isAuthenticated()"> 
  <div sec:authorize="hasRole('ROLE_ADMIN')">

    <li class="nav-item"><a class="nav-link collapsed"
        href="#" 
            data-toggle="collapse" data-target="#collapseMenu" aria-expanded="true"
            aria-controls="collapseMU"> </i>
                <span> <b>Manage People</b>
            </span>
        </a></li>
        <!-- sub-menu -->
        <div id="collapseMenu" class="collapse">
            <li class="nav-item"><a class="nav-link collapsed" href="#"
                data-toggle="collapse" data-target="#collapseGroup"
                aria-expanded="true" aria-controls="collapseGroup"></i> 
                <span>Show User Group</span>
            </a>
        </div>

    </div>

</div>

相关问题