Accessing Authentication Data

Although authorization is defined at endpoint level (as described in the Security page), you may need to know specific authentication parameters, either in endpoint Java code or client-side code.

Accessing Authentication Data on the Server Side

Accessing the Security Principal

Vaadin authenticates each server request and, if successful, associates it with a Java security principal. You can get the authenticated user as a UserPrincipal from the current request. You can retrieve the current request using VaadinRequest.getCurrent(). Calling getUserPrincipal() for the request returns the authenticated user, or null if the request is not authenticated.

@Endpoint
public class EchoEndpoint {
    @PermitAll
    public String saySomething(String message) {
        return VaadinRequest.getCurrent().getUserPrincipal().getName() + " says: " + message;
    }
}

With Spring Security

The easiest way to configure authentication is by using Spring Security, so use its API to check the user in your endpoints. In the next example, the username is checked in the Java code:

@Endpoint
public class DrawEndpoint {

    @PermitAll
    public String checkWinner() {
        Authentication auth =
            SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && "peter".equals(auth.getName())) {
            return "Congrats! you are the winner.";
        }
        return "Sorry, keep looking";
    }
}

Checking Authentication on the Client Side

Checking the Username

In TypeScript, there is no direct way to check whether the user is authenticated. However, you can expose a server-side endpoint that checks user privileges and returns the status.

The next example returns the username if the user is logged in; otherwise it returns the word 'anonymousUser':

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

@Endpoint
public class MyAppEndpoint {

    @AnonymousAllowed
    public String checkUser() {
        Authentication auth =
            SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? null : auth.getName();
    }
}
import { MyAppEndpoint } from 'Frontend/generated/MyAppEndpoint';

const username = await MyAppEndpoint.checkUser();

if ('anonymousUser' === username) {
   console.log('You are an anonymous user');
} else {
   console.log('Your username is: ' + username);
}

Checking Roles

A developer might want to check whether the user can access certain services, so that the appropriate options are enabled in the application menu.

The following example exposes a method that checks whether a user is an admin user.

@Endpoint
public class MyAppEndpoint {

    @RolesAllowed("ROLE_ADMIN")
    public boolean isAdmin() {
        return true;
    }
}
import { MyAppEndpoint } from 'Frontend/generated/MyAppEndpoint';

const isAdmin = await MyAppEndpoint.checkUser().catch(() => false);

if (isAdmin) {
   console.log('You are an admin user');
} else {
   console.log('Sorry, you are not an admin user');
}