I struggle to get Thymeleaf to work with Spring Security in my Spring Boot 1.4.3 based project.
Tags like e.g.
<div sec:authorize="hasAuthority('ADMIN')">
are simply not parsed.
If I try to add the SpringSecurityDialect manually like this:
#Bean
public SpringSecurityDialect securityDialect() {
return new SpringSecurityDialect();
}
I am getting:
Exception in thread "main" java.lang.NoClassDefFoundError: org/thymeleaf/dialect/IExpressionEnhancingDialect
I have included the following in my dependencies:
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
The SpringSecurityDialect does not seem to be added by the autoconfiguration.
After I add the Bean manually, I get the mentioned exception.
Is this a bug or am I missing something?
My Thymeleaf versions are:
<thymeleaf.version>3.0.2.RELEASE</thymeleaf.version>
<thymeleaf-extras-java8time.version>3.0.0.RELEASE</thymeleaf-extras-java8time.version>
<thymeleaf-layout-dialect.version>2.1.2</thymeleaf-layout-dialect.version>
To get it working, if you are using Thymeleaf 3.0.2 with Spring Boot 1.4, you need to force version 3.0.1.RELEASE of thymeleaf-extras-springsecurity4 (because it inherits version 2.1.2 which does not work in combination with Thymeleaf 3):
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>3.0.1.RELEASE</version>
</dependency>
The tags should be using the hasRole function.
<div sec:authorize="hasRole('ROLE_ADMIN')">
If you use Spring Boot 2.0.0.RELEASE:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
you need just the following dependencies:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
Version of thymeleaf-extras-springsecurity4 will be inherited from the spring-boot-starter-parent and would be 3.0.2.RELEASE.
Thanks to #yglodt for pointing this out.
Also in your templates add spring-security namespace xmlns:sec="http://www.thymeleaf.org/extras/spring-security" and use hasRole instead of hasAuthority value in <sec:authorize> tag:
<div sec:authorize="hasRole('ROLE_ADMIN')">
...
</div>
I used to have the same problem.
Thymeleaf SpringSecurity only works with versions 3.x.x of thymeleaf, and the version that's shipped with Spring-boot is something like 2.x.x atm.
Looking up how to add v3.x.x to my project brought me to the following documentation page:
http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-use-thymeleaf-3
So you just need to add your dependencies, and then add the following in your properties to override the default version of thymeleaf to your dependencies:
<thymeleaf.version>3.0.2.RELEASE</thymeleaf.version>
<thymeleaf-layout-dialect.version>2.1.1</thymeleaf-layout-dialect.version>
Related
I try to add Spring Data REST dependency using this dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-rest</artifactId>
</dependency>
After adding this dependency I catch an exception - java.lang.NoSuchMethodError: org.springframework.plugin.core.PluginRegistry.of(Ljava/util/List;)Lorg/springframework/plugin/core/PluginRegistry;
And the Action suggestion: Correct the classpath of your application so that it contains a single, compatible version of org.springframework.plugin.core.PluginRegistry
I tried to add this dependency to fix the problem:
<dependency>
<groupId>org.springframework.plugin</groupId>
<artifactId>spring-plugin-core</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
But it didn't help me.
How could I fix this problem?
I use Spring Boot version - 2.2.7.RELEASE, Maven version - 3.3.9
The requirement is to use spring boot version 2.2.6.RELEASE however the tomcat version should be 9.0.37.
I tried to do it by excluding the tomcat starter from the spring-boot-starter-web depdendency like so :
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${spring-boot.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
And added the spring-boot-starter-tomcat separately which has the 9.0.37 tomcat version :
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<version>2.3.2.RELEASE</version>
</dependency>
However even after doing so the version is not override and the following gets used :
Mar 11 2020 09:31:38 UTC
Apache Tomcat/9.0.33
9.0.33.0
Do we need to do anything else to override the tomcat version?
Is it possible to override it by excluding started?
Update:
The parent pom is a corporate parent pom and not the spring-boot-starter-parent. As per one of the answers we can simply override the tomcat.version property however my effective pom doesn't show it.
If you're not inheriting from spring-boot-starter-parent I can only guess that you import spring-boot-dependencies in your dependencies management somewhere.
The documentation covers what you need to do to override the tomcat version. Each tomcat artifact should be listed with the overridden version, before you imports spring-boot-dependencies. The list of artifacts can be found in spring-boot-dependencies.
Using a different version of the starter is wrong (you can't mix two Spring Boot versions in the same app) and will have no effect since dependency management is in control anyway. In other words, you'll get spring-boot-starter-web version 2.3.2.RELEASE indeed but all the artefacts that it brings will be managed by the dependency management (the tomcat version defined by version 2.2.6.RELEASE).
In that particular case of yours, upgrading to 2.2.9.RELEASE could also be an option as it provides dependency management for the tomcat version that you need.
Well, this has been already answered.
For you, as you are using maven, you need to override the properties set in parent Spring pom.
<properties>
......
<tomcat.version>your_version</tomcat.version>
......
<properties>
For gradle, it is simple as
ext['tomcat.version'] = '8.5.34'
in your main build.gradle
Source: How to change embedded tomcat's version in existing spring boot app?
I have a Spring MVC project which does NOT USE spring-boot.
Im trying to use Jackson2ObjectMapperBuilderCustomizer in my appConfig class to configure a default date format.
I have these two dependencies in already but I'm still getting an error on the ObjectMapper? I am using spring version 4. All the examples for using the Jackson2ObjectMapperBuilderCustomizer are using spring boot which seems to not need need a dependency
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.8</version>
</dependency>`
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
<version>2.9.8</version>
</dependency>`
The class is only part of Spring Boot dependencies. If you are determined to not use any Spring Boot dependencies, you will have to look for alternatives, otherwise you can use the following:
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-autoconfigure -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
<version>1.2.2.RELEASE</version>
</dependency>
Add jackson-datatype-jsr310 dependency . its an alternative for non spring boot projects.
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.10.1
I like to know if below is possible and how.
I was following a tutorial for spring boot and it was mentioned there we can have a parent dependency.
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.6.RELEASE</version>
</parent>
And then define the dependencies without the version number.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
This will add the dependencies version 1.5.6.RELEASE of spring-boot-starter and spring-boot-starter-web in to the projects dependencies.
Just like that I want to find what is the <parent> code snippet for the following dependencies I need to add in to a new project.
Dependencies in <groupId>org.springframework</groupId>. I need to use the version 4.3.9.RELEASE.
spring-context
spring-jdbc
spring-test
Thanks!
If you are using Spring Boot then these three dependencies will be provided for you by the following starters:
spring-test will be provided by spring-boot-starter-test
spring-context will be provided by spring-boot-starter-data-jpa
spring-jdbc will be provided by spring-boot-starter-jdbc
So, with the following parent:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.6.RELEASE</version>
</parent>
... if you add these dependencies:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
... then you will get
spring-context
spring-jdbc
spring-test
However, Spring Boot 1.5.6.RELEASE depends on v4.3.10.RELEASE of those core Spring libraries not 4.3.9.RELEASE as suggested in your question. Typically, you would accept Spring's curation of dependencies so if Sping provides 4.3.10.RELEASE then either (a) you should use that version or (b) downgrade Spring Boot toa version which provides 4.3.9.RELEASE.
Read on for details on how to identify the correct starter for a given curated library ...
The spring-boot-starter-parent is a special starter that provides useful Maven defaults and a dependency-management section which defines numerous dependencies which you might want to use in your POM. These dependencies are often referred to as "curated" or "blessed" and since they are defined in a dependency-management section somewhere in the maven hierarchy you can refer to them in your POM without a version tag (i.e. they inherit the version from the dependency-management section entry.)
You can see the spring-boot-starter-parent POM here and peeking inside you can see that it references the spring-boot-dependencies POM here.
Looking at your question you mentioned that you can declare a dependency like so ...
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
... this is because the spring-boot-dependencies POM declares the following:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${revision}</version>
</dependency>
So, the parent and the starters are just a means of wrapping up dependency declarations and making them easier for application developers to use. The Spring docs summarise this as:
Starters are a set of convenient dependency descriptors that you can include in your application. You get a one-stop shop for all the Spring and related technologies that you need without having to hunt through sample code and copy-paste loads of dependency descriptors. For example, if you want to get started using Spring and JPA for database access, include the spring-boot-starter-data-jpa dependency in your project.
However, this does not mean that all dependencies must be declared via parents or starters so, if you are not using Spring Boot then you can declare a dependency without using a parent or a starter and what you have described in your question (declaring dependencies on 3 core Spring libraries) can be safely covered by simply depending on those 3 libraries explicitly. For example, just add the following to your your pom.xml:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.3.9.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>4.3.9.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>4.3.9.RELEASE</version>
<scope>test</scope>
</dependency>
Since you are going though the tutorials I'm assuming you are new to spring.
The folks at spring were nice enough to setup a site that generates projects.
It is very easy to use. I recommend trying that while learning. Download a few apps with the dependencies you want and look at how they are set up.
Once you are comfortable and want to dive deeper, read #glytching's answer again, it is very good.
Use spring-framework-bom if you don't use Spring Boot and need Spring Framework dependencies only:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.3.9.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
In such case dependency would be without version was specified:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
Also, yet another option exists if you use Spring Boot but you don't want to use spring-boot-starter-parent as parent artifact:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>1.5.9.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
See Spring Boot docs for more details. An important note from the docs:
Each release of Spring Boot is associated with a base version of the Spring Framework so we highly recommend you to not specify its version on your own.
It means that you should use Spring Framework version is defined for Spring Boot.
I've got a Spring Boot app. From what I understand a boot app will only need the dependency in the pom and all is great. Unfortunately, that's not the case and even when I overcomplicate my configuration it still doesn't work - I can't use the sec namespace in my pages.
In my page the first issue is the namespace URI:
I've tried every option available in the Intellij fix menu and can't get it.
I suppose the result of that issue is the fact that I can't use the sec namespace anywhere. The pictured example may indeed be an invalid use but I've used <div> as well which is straight from the Thymeleaf examples:
Many of the answers here and other sources are relying on xml configuration as well, which is of no use. Still, I've made Java-based beans based on those xml examples with no luck.
What steps are required to use spring security and thymeleaf integration in a spring boot app using only Java based configuration (if that)?
pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>2.1.2.RELEASE</version>
</dependency>
...
</dependencies>
I have encountered the same issue and for me it helped to define schema locations like this:
<html lang="en"
xmlns:th="http://www.thymeleaf.org"
xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.thymeleaf.org http://www.thymeleaf.org
http://www.ultraq.net.nz/thymeleaf/layout http://www.ultraq.net.nz/thymeleaf/layout
http://www.thymeleaf.org/thymeleaf-extras-springsecurity4 http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
...
This includes also additional dialects for layout and spring security 4 which you can remove if you are not using them.