I'm just a new to Spring security.
Today I just wonder how can I make a textbox as readonly depends on account's role?
For example, If account's role is not Admin I want to make textbox as readonly.
I tried this code for it, but It didn't work.
<sec:authorize access="hasAnyRole('ROLE_ADMIN')">
<input type="text" id="userID">
</sec:authorize>
Thanks for your help.
CodePudding user response:
If you mean client side, I think you're looking for
<input type="text" id="userID" readonly="readonly">
If you mean server-side ("don't trust the user input"), well... That depends how your server side works.
CodePudding user response:
Make sure you have the Thymeleaf Spring Security 5 dependency:
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
Then you can show different inputs based on the users role:
<span sec:authorize="hasRole('ADMIN')">
<input type="text" id="userID">
</span>
<span sec:authorize="!hasRole('ADMIN')">
<input type="text" id="userID" readonly="readonly">
</span>