Spring context functions
The gotmpl4j-spring module lets a template read from the running Spring application — i18n
messages, the Environment/config, Spring beans, and the Security context — the way Thymeleaf’s
Spring dialect does (#{…}, ${@bean}, sec:authorize), but as Go-template functions and
without any Spring dependency leaking into gotmpl4j-core.
|
These functions target developer-authored (trusted) templates. The |
1. Getting it
gotmpl4j-spring ships with the Spring Boot starter, so a Boot application gets these functions
automatically:
org.alexmond
gotmpl4j-spring-boot-starter
1.3.0
The module carries a Spring Boot auto-configuration that registers a FunctionProvider bean
wired to the live context; the engine picks it up automatically. It is also usable standalone
(add gotmpl4j-spring directly) — for example to render a Go/Helm-style config template against
the application’s own Environment, with no web layer.
2. Functions
2.1. msg — messages / i18n
Resolves a message through Spring’s MessageSource using the request locale
(LocaleContextHolder). Arguments after the code are the message arguments; a missing key
renders the code itself (it never throws mid-render). Always on.
{{ msg "greeting.hello" .name }} ⟶ Hello, Ada! (greeting.hello=Hello, {0}!)
{{ msg "no.such.key" }} ⟶ no.such.key
2.2. env — Environment / config
Reads a property from the Spring Environment, with an optional default. Always on. Pairs well
with gotmpl4j’s Helm-style config rendering.
{{ env "app.title" }}
{{ env "feature.flag" "off" }}
2.3. bean — application beans (opt-in)
Resolves a bean from the ApplicationContext; combine with field/method access to read from it.
Off by default — enable with gotmpl4j.spring.expose-beans=true, and prefer to narrow it with
an allow-list.
{{ (bean "catalog").FeaturedItem }}
{{ $u := bean "userService" }}{{ $u.CurrentUser.Name }}
2.4. Spring Security (when on the classpath)
When spring-security-core is present, security functions are registered too — the
thymeleaf-extras-springsecurity equivalent. They read the current Authentication from
SecurityContextHolder. spring-security-core is an optional dependency, so apps without
Spring Security pull nothing extra and these functions simply don’t appear.
| Function | Meaning |
|---|---|
|
|
|
authority check, |
|
any of the roles |
|
exact authority, no prefix |
|
the authenticated name / the principal object |
{{ if isAuthenticated }}Signed in as {{ username }}{{ else }}Please sign in{{ end }}
{{ if hasRole "ADMIN" }}<a href="/admin">Admin</a>{{ end }}
2.5. Web request (servlet)
In a servlet web application, request functions read the current request from
RequestContextHolder. spring-web and the Servlet API are optional dependencies, so these
register only in a servlet web app; outside a request they return an empty value rather than
failing.
| Function | Meaning |
|---|---|
|
request parameter, with optional default |
|
request header |
|
cookie value |
|
session attribute (does not create a session) |
|
the request URI |
|
the CSRF token (when Spring Security set one) — also |
<form method="post" action="/save">
<input type="hidden" name="{{ csrf.ParameterName }}" value="{{ csrf.Token }}">
<input name="q" value="{{ param "q" }}">
</form>
3. Configuration
| Property | Default | Description |
|---|---|---|
|
|
Master switch for the Spring-context functions. |
|
|
Allow the |
|
(empty) |
Optional allow-list of bean names |