0

I integrated https://vaadin.com/docs/latest/tools/sso/integrations/keycloak Keycloak SSO Kit and it works pretty well.

What I now want to achieve is, that some pages were secured and some not. For that I add @PermitAll to those which I want to secure and @AnonymousAllowed to them I dont want to be secured. Calling the routes directly via browser navigation works as intended. Keyloak redirect for @PermitAll pages is done, for @AnonymousAllowed not.

The problem I got is, navigating from one page to the other, using UI.navigate(route). When calling UI.navigate(ToASecuredPageWithPermitAll) from a page with @AnonymousAllowed I got the following info message:

Could not navigate to 'securedview'


Available routes:

securedview

What I´d like to have is the same behavior as directly accessing secured page: Redirect to Keycloak login page.

Different annotations, different calls via Router and so on.

Sebastian Olscher
  • 11
  • 1
  • Do you have the `sso-kit-starter` dependency added to your pom.xml? – Tarek Oraby Aug 21 '23 at 07:50
  • I found a possible solution: Used UI.getCurrent().navigate("securedPage"); for redirection which is not working and showing the "route not found" page. UI.getCurrent().getPage().setLocation("securedPage"); indeed is working and redirecting to Keycloak for login. To be honest, dont know the differences that much to decide if this is bug or maybe lack of understanding from my side. – Sebastian Olscher Aug 21 '23 at 10:23

1 Answers1

1

Usage of UI.getCurrent().getPage().setLocation instead of navigate works as expected.

UI.navigate does an internal navigation and does not trigger Spring Security.

setLocation is working as it does a full HTTP request.

Sebastian Olscher
  • 11
  • 1