sec:authorize-url标签不生效问题


问题描述:

        我这里的项目使用 Spring Cloud + Thymeleaf + Spring Security，并使用 Thymeleaf 与 Spring Security 整合的标签。网上的配置方法很多，也很简单：sec:authorize="hasRole('ROLE_ADMIN')" 标签可以正常生效；但我想按 URL 权限控制 button 的显示与隐藏时，sec:authorize-url 却不起作用。下面说一下解决方法，很简单，只是不容易想到。

        注意：sec:authorize-url 只控制页面元素是否渲染，属于界面层面的便利；真正的访问控制仍然依赖服务端对该 URL 的拦截规则（例如下文配置中的 authorizeRequests 以及自定义的 FilterSecurityInterceptor）。隐藏按钮并不能替代服务端鉴权，直接请求该 URL 仍必须被服务端拒绝。
    解决方法:
1. 继承 DefaultWebInvocationPrivilegeEvaluator 并重写 isAllowed 方法。下面的实现只是原样调用父类，关键在于构造函数注入的 AbstractSecurityInterceptor：它决定了 sec:authorize-url 依据哪一套 URL 拦截规则做判断，请确认注入的是承载模板所期望规则的那个拦截器。
2. 在 WebSecurityConfigurerAdapter 的 configure(WebSecurity web) 中通过 web.privilegeEvaluator(...) 注册该子类，这一步就是让 sec:authorize-url 生效的关键。
  点击参考博客:
   源码
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator;
import org.springframework.stereotype.Component;

/**
 * Privilege evaluator backing Thymeleaf's {@code sec:authorize-url} tag.
 *
 * <p>Both {@code isAllowed} overloads are plain pass-throughs to
 * {@link DefaultWebInvocationPrivilegeEvaluator}; the class exists so that a bean
 * of this concrete type can be registered through
 * {@code WebSecurity#privilegeEvaluator(...)}. The answers it gives depend entirely
 * on the {@link AbstractSecurityInterceptor} injected into the constructor, i.e. on
 * which interceptor's URL rules Spring wires in here -- NOTE(review): confirm that
 * this is the interceptor carrying the rules the templates expect, otherwise the
 * tag will show/hide elements against the wrong rule set.
 */
@Component
public class CustomWebInvocationPrivilegeEvaluator extends DefaultWebInvocationPrivilegeEvaluator {

    /**
     * @param securityInterceptor the interceptor whose security metadata and access
     *        decision manager answer the privilege queries; injected by Spring
     */
    public CustomWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor) {
        super(securityInterceptor);
    }

    /**
     * Full form: context path, URI and HTTP method are all available to the rule
     * lookup. Delegates unchanged; presumably the overload used for
     * method-qualified tags such as {@code sec:authorize-url="POST /path"}.
     */
    @Override
    public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
        return super.isAllowed(contextPath, uri, method, authentication);
    }

    /**
     * Short form: only the URI is supplied, so any method-specific rule cannot be
     * distinguished here. Delegates unchanged.
     */
    @Override
    public boolean isAllowed(String uri, Authentication authentication) {
        return super.isAllowed(uri, authentication);
    }
}

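import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * Web security configuration: OAuth2 SSO login, a custom URL interceptor in front
 * of the stock one, CSRF protection with an AngularJS-style XSRF cookie/header pair,
 * logout handling, and registration of the privilege evaluator that makes
 * Thymeleaf's {@code sec:authorize-url} tag work.
 */
@Configuration
@EnableOAuth2Sso
@EnableConfigurationProperties(SecuritySettings.class)
@Order(1)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Cookie the browser-side code reads the CSRF token from. */
    private static final String XSRF_COOKIE_NAME = "XSRF-TOKEN";

    /** Header the browser-side code echoes the CSRF token back in. */
    private static final String XSRF_HEADER_NAME = "X-XSRF-TOKEN";

    @Autowired
    private CustomFilterSecurityInterceptor customFilterSecurityInterceptor;

    @Autowired
    private SecuritySettings settings;

    @Autowired
    private CustomWebInvocationPrivilegeEvaluator webInvocationPrivilegeEvaluator;

    /**
     * Builds the main filter chain. Every request must be authenticated; the custom
     * interceptor is placed before the stock {@link FilterSecurityInterceptor}, so
     * both run and the stock one still enforces the baseline rule below.
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(customFilterSecurityInterceptor, FilterSecurityInterceptor.class)
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .csrf()
                .requireCsrfProtectionMatcher(csrfSecurityRequestMatcher())
                .csrfTokenRepository(csrfTokenRepository())
                .and()
            // Must sit after CsrfFilter so the CsrfToken request attribute is populated.
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .logout()
                // NOTE(review): with CSRF enabled Spring Security normally accepts
                // logout only via POST carrying the token -- make sure client forms do so.
                .logoutUrl("/logout").permitAll()
                .logoutSuccessUrl(settings.getLogoutsuccssurl())
                .and()
            .exceptionHandling().accessDeniedPage(settings.getDeniedpage());
    }

    /**
     * Registers the privilege evaluator (this is what makes {@code sec:authorize-url}
     * consult our rules) and exempts static resources from the security chain.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.privilegeEvaluator(webInvocationPrivilegeEvaluator);
        // Ignored paths bypass the whole filter chain: no authentication and no CSRF
        // check. Keep this list to genuinely static content only.
        web.ignoring().antMatchers("/assets/**", "/styles/**", "/images/**");
    }

    /**
     * Builds the matcher deciding which requests need a CSRF token.
     *
     * <p>The exclude list is intentionally empty so no path is exempt. Earlier drafts
     * excluded {@code /assets/}, {@code /styles/} and {@code /}; if the project's
     * {@code CsrfSecurityRequestMatcher} treats entries as path prefixes (its
     * implementation is not shown here), excluding {@code /} would disable CSRF
     * protection for the whole application, so do not reinstate that entry.
     */
    private CsrfSecurityRequestMatcher csrfSecurityRequestMatcher() {
        CsrfSecurityRequestMatcher matcher = new CsrfSecurityRequestMatcher();
        List<String> excludeUrls = new ArrayList<String>();
        matcher.setExecludeUrls(excludeUrls);
        return matcher;
    }

    /**
     * Mirrors the session-bound CSRF token into a readable {@code XSRF-TOKEN} cookie
     * so browser-side code can send it back in the {@code X-XSRF-TOKEN} header.
     *
     * <p>The cookie is deliberately NOT HttpOnly (JavaScript must read it). It is
     * flagged Secure whenever the request arrived over TLS so the token is not sent
     * over plaintext; behind a TLS-terminating proxy {@code request.isSecure()} is
     * only true if forwarded headers are honoured by the container.
     * {@code javax.servlet.http.Cookie} has no SameSite setter, so that attribute
     * must be applied by the container or proxy if required.
     */
    private Filter csrfHeaderFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                    FilterChain filterChain) throws ServletException, IOException {
                // Set by CsrfFilter, which runs ahead of this filter in the chain.
                CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                if (csrf != null) {
                    Cookie cookie = new Cookie(XSRF_COOKIE_NAME, csrf.getToken());
                    cookie.setPath("/");
                    // Secure flag: never ship the token over plaintext once the app is on TLS.
                    cookie.setSecure(request.isSecure());
                    response.addCookie(cookie);
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    /**
     * Session-backed CSRF token store that expects the token in the
     * {@code X-XSRF-TOKEN} request header.
     */
    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName(XSRF_HEADER_NAME);
        return repository;
    }
}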


    
