EL1043E: Unexpected token. Expected 'rparen())' but was 'lcurly({)

[1248142645]

version: spring.core-5.1.7.RELEASE spring-expression-5.1.7.RELEASE spring.security.web-5.1.5.RELEASE

code: <button type="button" th:class="|btn ${post.type == 0 ? 'btn-danger' : 'btn-info'} btn-sm|" id="topBtn" th:text="${post.type == 0 ? 'top' : 'untop'}" sec:authorize="hasAnyAuthority('Forum_2', 'Forum_'+${post.forumId})"> </button>

exception: Caused by: org.springframework.expression.spel.SpelParseException: Expression [hasAnyAuthority('Forum2', 'Forum'+${post.forumId})] @37: EL1043E: Unexpected token. Expected 'rparen())' but was 'lcurly({)' at org.springframework.expression.spel.standard.InternalSpelExpressionParser.internalException(InternalSpelExpressionParser.java:1044) ~[spring-expression-5.1.7.RELEASE.jar:5.1.7.RELEASE]

Or tell me where the source path is hasAnyAuthority

[1248142645]

sec:authorize="${hasAnyAuthority('Forum_'+#vars.post.forumId)}"

[danielfernandez]

This exception is thrown by the SpringEL perser, not Thymeleaf. I suspect the "Spring Security flavour" of SpringEL being sued in sec:authorize does not like your string append operation there, but please refer to the Spring Security documentation for a better explanation.