Advice needed: when and how to initalize UserContext

Gunnar2 · February 17, 2026, 5:00pm

In my app I have a UserContext bean (@VaadinSessionScope) which contains some user-related data.

Originally I initialized this bean after login by retrieving the necessary data from a backend service.
Now I changed (due to company policy) my app: authentication happens in a 3rd party component which adds a specific header with a JWT token.
I have setup SpringSecurity and a filter takes care of validating the JWT etc. It would feel natural to have another filter which initializes my UserContext, but I cannot access this bean in a filter.
Another idea is to use a SessionInitListener, but it seems that the beans in VaadinSessionScope are not created yet at this point.

Any advice what would be the right place to initialize my UserContext?

Bonus question: after initialization of UserContext I want to automatically forward to a view based on user’s role. Where should I do that?

Tatu2 · February 19, 2026, 10:50am

This is true, as the WebFilter is invoked when HttpSession is creared and VaadinSession has not been created yet. Also SpringSecurity itself is a WebFilter, it is just a filter designed for specific purpose with an API that is supposed to fit that purpose.

By default SpringSecurity has SecurityContextHolder in HttpSession, but if you use Vaadin’s SpringSecurity helpers, they rewire the SecurityContextHolder to be at VaadinSession.

Gunnar2 · February 19, 2026, 1:47pm

Thanks - which helpers are you referring to? VaadinAwareSecurityContextHolderStrategy?