6

Currently learning Vaadin8+SpringBoot for Vaadin made me wanna forget about HTML for a while. Anyways, all is good for some CRUD operations until I mixed in SpringSecurity in the project. Well, I've been searching for days now and no solution could fit in well with the expected requirements.

Expected output:

  • Vaadin8+SpringBoot+SpringSecurity
  • All in one project/module/artifact
  • 2 @SpringUI (MainUI = "", LoginUI = "/login")
  • Multiple @SpringViews contained by MainUI's ViewDisplay

Limitations:

  • No login.html (from the Vaadin's demo backery app)
  • No SpringMVC for login page
  • No vaadin4Spring dependency
  • Configurations done through annotations and not through XMLs

I know there's a way, I'm blocked how to progress on this. And if it's really not possible, need to understand as to why it isn't.

Raghav Dinesh
  • 591
  • 5
  • 12
David B
  • 3,269
  • 12
  • 48
  • 80
  • So you would like to see spring boot make your Vaadin login page? In short, I did the following in a recent project: Created one UI class, with a ViewAccessControl implemented to deny when not logged-in, instruct navigator to show my login view (access denied view, is a @SpringView) in that case. – Steffen Harbich Jan 12 '18 at 14:12

1 Answers1

1

When you configure Spring Security, you need to allow anonymous access to the /login URL (either login.html if it is a non-vaadin form, or the login UI path if you want a separate UI for login). You also need to restrict access to the actual application UI. You also need to allow anonymous access to the static resources (i.e. /VAADIN/**).

The SecurityConfig in Bakery may give you a starting point. (Note: the starter or its parts cannot be redistributed as a code example or template)

There is a more detailed explanation here, though it only covers Vaadin and Spring Security integration (i.e. no spring-boot).

Javier
  • 12,100
  • 5
  • 46
  • 57