sec:authorize don't work in the thymeleaf code with hasRole method

Question

In my current spring-boot project, the header for my views have the following instruction:

<a sec:authorize="hasRole('admin')" th:href="@{/home}">...</a>

which is not working when I run the application and open the view in the browser (even when the user has the role). In the same view, I also use sec:authorize="isAuthenticated()" and sec:authorize="isAnonymous()", both working fine. In my java code, I have some methods with this annotation:

@PreAuthorize("hasRole('admin')")

which working fine, too. Why this is not working in the view? Anyone can tell me what's wrong here?

score 0 · Answer 1 · answered Jan 23 '15 at 09:19

0

Because you must add a "ROLE_" before your rolename.

Like this:

sec:authorize="hasRole('ROLE_admin')"

answered Jan 23 '15 at 09:19

Kalaschni

2,301
24
37

score 0 · Answer 2 · edited May 23 '17 at 12:08

0

The ROLE_ prefix should not be necessary as of Spring 3 I believe.

Try using hasAuthority('admin') instead of hasRole(). The difference between the two is descriped in this post

edited May 23 '17 at 12:08

Community

1
1

answered May 22 '16 at 00:02

randyr

1,679
1
11
17

sec:authorize don't work in the thymeleaf code with hasRole method

2 Answers2