Spring security using thymeleaf with "if" condition

Question

I a using Spring security with an HTML page using thymeleaf. I have a problem to use the "sec:authorize" property in this case:

<ul class="nav nav-tabs margin15-bottom">
    <li th:each="criteriaGroup,iterGroups : ${aGroupList}"
        th:class="${iterGroups.index == 0}? 'active'">
        <a th:href="'#' + ${criteriaGroup.id}" data-toggle="tab"
           th:text="${criteriaGroup.groupName}"></a>
    </li>
</ul>

Now I want to add a spring security property like: if I have this particular criteria, I need a authorization (sec:authorize="hasRole('Criteria')") although I will not see the tab corresponding to this criteria:

<ul class="nav nav-tabs margin15-bottom">
    <li th:each="aGroup,iterGroups : ${aGroupList}" th:class="${iterGroups.index == 0}? 'active'"
        th:sec:authorize="$({criteriaGroup.id =='criteriaA'} || ${criteriaGroup.id =='criteriaB'}) ? 'hasRole('Criteria')'">
        <a th:href="'#' + ${criteriaGroup.id}" data-toggle="tab"
           th:text="${criteriaGroup.groupName}"></a>
    </li>
</ul>

But when I am doing this I have the following error:

org.thymeleaf.exceptions.TemplateProcessingException:   Error processing template: dialect prefix "th" is set as non-lenient but attribute "th:sec:authorize" has not been removed during process

How can I avoid it?

Answer 1

Remove th: in front of sec:authorize

The Spring Security 3 integration module is a Thymeleaf dialect. More information can be found here.

Answer 2

Perhaps you'd want to use the #authentication object instead of the sec dialect.

From the docs:

<div th:text="${#authentication.name}">
    The value of the "name" property of the authentication object should appear here.
</div>