Vaadin Fusion is a combined client and server programming model. As an application developer, you make a decision about how much of the application state is stored on the server and how much is stored in the user’s browser. The sections below describe the best practices for securing such applications.
- Security in Fusion Applications
An introduction to the Vaadin Fusion security architecture and how it works in practice.
- Configuring Security
Fusion supports role-based access control at endpoint level. Explains how to specify the access rules as annotations for the endpoint class or its individual methods.
- Authentication with Spring Security
Describes how to configure authentication with Spring Security.
- Accessing Authentication Data
Describes accessing authentication data such as username and roles on the server side, as well as transferring the data to the client.
- Role-Based Access Control for Views
How to restrict access for selected Fusion views based on roles defined for the logged-in user.
- Offline Support for Authentication
Describes storing the authentication data in the browser for offline applications.
- Handling Session Expiration
How to detect session expiration, for example, to show a login view to the user.