Skip to content

Instantly share code, notes, and snippets.

@piyusht007
Created June 11, 2020 10:32
Show Gist options
  • Save piyusht007/9340c16c76bab709d263c0e2d619a54d to your computer and use it in GitHub Desktop.
Save piyusht007/9340c16c76bab709d263c0e2d619a54d to your computer and use it in GitHub Desktop.
Role checking Cheatsheet in Spring security and Thymeleaf
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
<div>
<b>Username:</b>
<div sec:authentication="name">
The value of the "name" property of the authentication object should appear here.
</div>
</div>
<div>
<b>User Roles: </b>
<div sec:authentication="principal.authorities"></div>
</div>
<div>
<b>Role checking:</b>
<div sec:authorize="isAuthenticated()">1. User is authenticated.</div>
<div th:if="${#strings.contains(#authentication.principal.authorities, 'ROLE_ADMIN')}">
2. User has authority ADMIN.
</div>
<div th:if="${#authorization.expression('hasAuthority(''ROLE_ADMIN'')')}">
3. User has authority ADMIN.
</div>
<div th:if="${#authorization.expression('hasRole(''USER'')')}">
4. User has role USER.
</div>
<div sec:authorize="hasRole('USER')">5. User has role USER.</div>
<div sec:authorize="hasAuthority('ROLE_ADMIN')">6. User has authority ADMIN.</div>
<div sec:authorize="hasAuthority('ROLE_ADMIN')">7. User has authority ADMIN.</div>
</div>
</html>
@piyusht007
Copy link
Author

piyusht007 commented Jun 11, 2020

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment