I'm using Thymeleaf with spring security. In html code I'm checking user role:
<li class="has-sub" sec:authorize="hasRole('ROLE_ADMIN')">
</li>
but in spring I implemented own CustomSecurityExpressionRoot so I can use in controller for example
@PreAuthorize("hasAccess('PERMISSION')")
It is possible to connect Thymeleaf to be able to use hasAccess (and others) methods from my CustomSecurityExpressionRoot?
I would have put the logic in a singleton Spring bean:
@Component
public class AccessEvaluator {
public boolean hasAccess(Authentication authentication, String permission) {
// implementation
}
}
And then in Thymeleaf code:
<li th:if="${@accessEvaluator.hasAccess(#request.userPrincipal, 'PERMISSION')}">
</li>
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
コメントを追加