I'm using Spring Cloud Gateway (which uses Webflux), but there is a bug which is preventing me displaying content to ONLY those who are not logged in (using thymeleaf).
Actual Behavior
elements with sec:authorize="isAuthenticated()" works fine and displays expected behaviour
however sec:authorize="!isAuthenticated()" does not seem to work. When the user is not authenticated, then nothing is shown. If the user is authenticated, an exception is thrown. (Caused by: org.thymeleaf.exceptions.TemplateProcessingException: Authorization-oriented expressions (such as those in 'sec:authorize') are restricted in WebFlux applications due to a lack of support in the reactive side of Spring Security (as of Spring Security 5.1). Only a minimal set of security expressions is allowed: [isAuthenticated(), isFullyAuthenticated(), isAnonymous(), isRememberMe()] (template: "login" - line 66, col 8))
elements with sec:authorize="isAnonymous()" never display
Expected Behavior
sec:authorize="!isAuthenticated()" should display content to users that haven't been authenticated, and shouldn't display anything to users that have logged in
sec:authorize="isAnonymous()" should display content to users that haven't been authenticated, and shouldn't display anything to users that have logged in
Configuration
I have my spring security dialect bean defined, as I know this causes issues for some
@Bean
public SpringSecurityDialect springSecurityDialect() {
return new SpringSecurityDialect();
}
Summary
I'm using Spring Cloud Gateway (which uses Webflux), but there is a bug which is preventing me displaying content to ONLY those who are not logged in (using thymeleaf).
Actual Behavior
Expected Behavior
Configuration
I have my spring security dialect bean defined, as I know this causes issues for some
It's importing org.thymeleaf.extras.springsecurity5.dialect.SpringSecurityDialect;
Version