Spring-security: SEC-3072: Provide Freemarker macro library
Angel D. Segarra (Migrated from SEC-3072) said:
Spring Framework Web MVC currently ships Freemarker and Velocity macro libraries along with the JSP taglib , but Spring security ships only a JSP taglib which leaves users of the other technologies without good options out of the box. To make matters worse JspTaglibs hash in Freemarker no longer works in Spring Boot. I am requesting support parity with at least Freemarker to match Spring Web MVC.
spring-issuemaster
All 6 comments
I've come up with a starting macro for this type of library below. @rwinch if we wanted to submit a pull request to start this could you give us some guidance on where it might be appropriate to live within the Spring Security ecosystem?
<#macro authorize ifAnyGranted>
<#assign authorized = false>
<#list Session["SPRING_SECURITY_CONTEXT"].authentication.authorities as authority>
<#if authority == ifAnyGranted>
<#assign authorized = true>
<#if authorized>
<#nested>
rob-baily
on 31 May 2017
Thanks!
I honestly think the first step is to ensure that this support is migrated to use objects that are populated on the request attributes. Then libraries can leverage those objects to ensure they get consistent results. View technologies that are fairly flexible could even just use the objects directly without needing a specific DSL this way.
rwinch
on 2 Jun 2017
@rwinch So the only reference I could find on how to get access to the Spring security information is here which mentions session but not request objects. Is there a better place to find out where they would be in the request and how to access them? Any example code that can be reviewed?
rob-baily
on 2 Jun 2017
@rwinch I was wondering if you or anyone else could give some clues on how to do what you have mentioned here? As I said I could not find any good reference on where the request attributes that hold objects are.
rob-baily
on 6 Jul 2017
I found that SPRING_SECURITY_CONTEXT was at the top level and was only available if somebody was logged in so I have altered @rob-baily 's script and is working for me. Hopefully might help somebody.
<#macro requiredRole Role>
<#assign authorized = false>
<#if SPRING_SECURITY_CONTEXT??>
<#list SPRING_SECURITY_CONTEXT.authentication.authorities as authority>
<#if authority == Role>
<#assign authorized = true>
<#if authorized>
<#nested>
hellomynameistj
on 11 Sep 2017
<#macro authorize ifAnyGranted>
<#assign authorized = false>
<#list Session["SPRING_SECURITY_CONTEXT"].authentication.authorities as authority>
<#if authority == ifAnyGranted>
<#assign authorized = true>
<#if authorized>
<#nested>
This macro helped allot, thanks.
DuncanCasteleyn
on 10 Nov 2018
Related issues
heruan
路
3Comments
spring-issuemaster
路
4Comments
xingfudeshi
路
3Comments
jgrandja
路
4Comments
kazuki43zoo
路
4Comments
Most helpful comment
I've come up with a starting macro for this type of library below. @rwinch if we wanted to submit a pull request to start this could you give us some guidance on where it might be appropriate to live within the Spring Security ecosystem?
<#macro authorize ifAnyGranted>
<#assign authorized = false>
<#list Session["SPRING_SECURITY_CONTEXT"].authentication.authorities as authority>
<#if authority == ifAnyGranted>
<#assign authorized = true>
<#if authorized>
<#nested>