How to use `thymeleaf-extras-springsecurity6` in a non-web application?

[yvasyliev]

So I'm building a non-web application with Spring Security feature enabled. And would like to use xmlns:sec namespace in my templates.

Currently, any sec: attribute evaluation will fail because Thymeleaf expects org.springframework.security.core.Authentication to be present within either WebMvcContext or WebFluxContext.

I found the place where it happens:

https://github.com/thymeleaf/thymeleaf-extras-springsecurity/blob/51ca399cc430154909b23aa5032597b6b091beff/thymeleaf-extras-springsecurity6/src/main/java/org/thymeleaf/extras/springsecurity6/dialect/processor/AuthorizeAttrProcessor.java#L56-L75

https://github.com/thymeleaf/thymeleaf-extras-springsecurity/blob/51ca399cc430154909b23aa5032597b6b091beff/thymeleaf-extras-springsecurity6/src/main/java/org/thymeleaf/extras/springsecurity6/auth/AuthUtils.java#L101-L102

https://github.com/thymeleaf/thymeleaf-extras-springsecurity/blob/51ca399cc430154909b23aa5032597b6b091beff/thymeleaf-extras-springsecurity6/src/main/java/org/thymeleaf/extras/springsecurity6/util/SpringSecurityContextUtils.java#L125-L140

SpringSecurityContextUtils.getAuthenticationObject is static, and I cannot override it.

AuthorizeAttrProcessor.isVisible is protected and I could override it, but the AuthorizeAttrProcessor object is fetched from org.thymeleaf.engine.ProcessorExecutionVars#processorIterator which is package-private!

This makes all authorization-related logic non-customizable!