'Check user role in Thymeleaf using Webflux security
I have a Spring Security 5 Reactive Applications using the "@EnableWebFluxSecurity" annotation.For my frontend I am using Thymeleaf.Now I have the problem that I can´t use sec:authorize:
<div sec:authorize="hasRole('ADMIN')">Text visible to admin.</div>
Using this tag I get this error:
Caused by: org.attoparser.ParseException: Authorization-oriented expressions (such as those in 'sec:authorize') are restricted in WebFlux applications due to a lack of support in the reactive side of Spring Security (as of Spring Security 5.1). Only a minimal set of security expressions is allowed: [isAuthenticated(), isFullyAuthenticated(), isAnonymous(), isRememberMe()]
So I can´t use this tag.
My Question is... How can I check the role of the logged in User in the frontend using the WebfluxSecurity?
Solution 1:[1]
I got the answer! I can get via the principals my user object and than I can check if the user contains the role:
<span th:if="${#sets.contains(#authentication.getPrincipal().roleNames, 'ROLE_ADMIN')}">
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | KollegeBo |