Accessing Authentication Data

Although authorization is defined at endpoint level as described in the Security page, you may need to know specific authentication parameters either in endpoint Java code or client-side code.

Accessing Authentication Data on the Server Side

Accessing the Security Principal

Vaadin authenticates each server request and, if successful, associates it with a Java security principal. You can get the authenticated user as a UserPrincipal from the current request, which you can get with VaadinRequest.getCurrent(). It is null if the request is not authenticated.

@Endpoint
public class EchoEndpoint {
    @PermitAll
    public String saySomething(String message) {
        return VaadinRequest.getCurrent().getUserPrincipal().getName() + " says: " + message;
    }
}

With Spring Security

The easiest way to configure authentication is by using Spring Security, thus use its API for checking the user in your endpoints. In the next example the username is checked in the Java code:

@Endpoint
public class DrawEndpoint {

    @PermitAll
    public String checkWinner() {
        Authentication auth =
            SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && "peter".equals(auth.getName())) {
            return "Congrats! you are the winner.";
        }
        return "Sorry, keep looking";
    }
}

Checking Authentication on the Client Side

Checking the User Name

In TypeScript there is no direct way for checking whether the user is authenticated, nevertheless it’s possible to expose an endpoint in server side checking user privileges and returning the status.

The next example returns the username when in the user is logged-in, or the word 'anonymousUser' otherwise:

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

@Endpoint
public class MyAppEndpoint {

    @AnonymousAllowed
    public String checkUser() {
        Authentication auth =
            SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? null : auth.getName();
    }
}
import { MyAppEndpoint } from 'Frontend/generated/MyAppEndpoint';

const username = await MyAppEndpoint.checkUser();

if ('anonymousUser' === username) {
   console.log('You are an anonymous user');
} else {
   console.log('Your username is: ' + username);
}

Checking Roles

Developer might want to check whether the user can access certain services so as the appropriate options are enabled in the application menu.

The next example exposes a method that can be used to check whether the application is being used by an admin user.

@Endpoint
public class MyAppEndpoint {

    @RolesAllowed("ROLE_ADMIN")
    public boolean isAdmin() {
        return true;
    }
}
import { MyAppEndpoint } from 'Frontend/generated/MyAppEndpoint';

const isAdmin = await MyAppEndpoint.checkUser().catch(() => false);

if (isAdmin) {
   console.log('You are an admin user');
} else {
   console.log('Sorry, you are not an admin user');
}