Role checking Cheatsheet in Spring security and Thymeleaf

test.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
  <div>
    <b>Username:</b>
    <div sec:authentication="name">
      The value of the "name" property of the authentication object should appear here.
    </div>
  </div>
  <div>
    <b>User Roles: </b>
    <div sec:authentication="principal.authorities"></div>
  </div>
  <div>
    <b>Role checking:</b>
    <div sec:authorize="isAuthenticated()">1. User is authenticated.</div>
    <div th:if="${#strings.contains(#authentication.principal.authorities, 'ROLE_ADMIN')}">
      2. User has authority ADMIN.
    </div>
    <div th:if="${#authorization.expression('hasAuthority(''ROLE_ADMIN'')')}">
      3. User has authority ADMIN.
    </div>
    <div th:if="${#authorization.expression('hasRole(''USER'')')}">
      4. User has role USER.
    </div>
    <div sec:authorize="hasRole('USER')">5. User has role USER.</div>
    <div sec:authorize="hasAuthority('ROLE_ADMIN')">6. User has authority ADMIN.</div>
    <div sec:authorize="hasAuthority('ROLE_ADMIN')">7. User has authority ADMIN.</div>
  </div>
</html>

Prerequisite:

• Role names/authorities should be prefixed with "ROLE_"

References:

• https://stackoverflow.com/questions/19525380/difference-between-role-and-grantedauthority-in-spring-security - Look at the answer by James.
• https://www.marcobehler.com/guides/spring-security
• https://github.com/thymeleaf/thymeleaf-extras-springsecurity