Spring Security Dialect sec:authorize not parsed

Question

I am building a small app using spring boot 2.1.0 and spring security. I am able to login and out using form authentication. However, the sec:authorize tag is not parsed or evaluated, the rendered html contains those attributes as-is.

<dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        <version>3.0.4.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>nz.net.ultraq.thymeleaf</groupId>
        <artifactId>thymeleaf-layout-dialect</artifactId>
        </dependency>

Can't figure out what am i missing

Answer 1

Without much information given, there could be a few things that might not be set correctly. Anyways, this issue tend to always resolve by adding missing dependencies or changing the ones you are using. So, first, try changing to springsecurity5. And add the folowing @Bean.

Configuration

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.thymeleaf.extras.springsecurity5.dialect.SpringSecurityDialect;

@Configuration
public class LeafConfig {

    @Bean
    public SpringSecurityDialect springSecurityDialect(){
        return new SpringSecurityDialect();
    }

}

POM

<dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
        <version>3.0.4.RELEASE</version>
</dependency>

Also, if you are using <artifactId>spring-boot-starter-parent</artifactId>, don't add any version to your Thymeleaf Extras, let Spring Boot manage that for you.