Vaadin Fusion is a combined client and server programming model. As an application developer, you make a decision about how much of the application state is stored on the server and how much is stored in the user’s browser. The sections below describe the best practices for securing such applications.

Security in Fusion Applications

An introduction to the Vaadin Fusion security architecture and how it works in practice.

Configuring Security

Fusion supports role-based access control at endpoint level. Explains how to specify the access rules as annotations for the endpoint class or its individual methods.

Authentication with Spring Security

Describes how to configure authentication with Spring Security.

Accessing Authentication Data

Describes accessing authentication data such as username and roles on the server side, as well as transferring the data to the client.

Role-Based Access Control for Views

How to restrict access for selected Fusion views based on roles defined for the logged-in user.

Offline Support for Authentication

Describes storing the authentication data in the browser for offline applications.

Handling Session Expiration

How to detect session expiration, for example, to show a login view to the user.