Authentication + Navigator7

What is the recommended best practice for handling user authentication in a Vaadin app built on Navigator7?

I understand that in a typical Vaadin app the user credentials can be stored on the session or in a ThreadLocal object and the login component is swapped out and replaced by the main UI component once authentication succeeds. With Navigator7 the application model seems to change a bit and it's not clear to me how this is best handled.

Is there any way to intercept all page requests to check that the current user is already authenticated before proceeding to the requested page? Or is there a simpler way to accomplish this?


Well, there is the “let the application server do it” way as explained by Petter Holmström’s excellent article – Securing the Web Layer

The idea is to retrieve the user using Principal principal = request.getUserPrincipal(); and use application.setUser() to make it available to the Vaadin app.
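
The approach in the reply above, as an added example that is not part of the original thread or of the article it cites: the application re-reads the container's Principal on every request and keeps application.setUser() in sync with it. It assumes the Vaadin 6 API and container-managed authentication already configured in web.xml (not shown); the class name SecuredApplication is hypothetical, and in a Navigator7 app the same listener would sit on the project's own application class.

```java
import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.vaadin.Application;
import com.vaadin.terminal.gwt.server.HttpServletRequestListener;
import com.vaadin.ui.Window;

// Hypothetical application class (assumption: Vaadin 6 API).
public class SecuredApplication extends Application
        implements HttpServletRequestListener {

    @Override
    public void init() {
        setMainWindow(new Window("Secured application"));
    }

    // The Vaadin servlet calls this for each request handled by this
    // application instance, so the identity check runs on every request.
    public void onRequestStart(HttpServletRequest request,
                               HttpServletResponse response) {
        Principal principal = request.getUserPrincipal();
        Principal known = (Principal) getUser();

        if (principal == null) {
            // The container did not authenticate this request:
            // forget any stored identity and end the application.
            setUser(null);
            if (known != null) {
                close();
            }
            return;
        }
        if (known != null && !known.getName().equals(principal.getName())) {
            // A different user on the same HTTP session: discard the
            // previous user's UI state instead of reusing it.
            close();
            return;
        }
        if (known == null) {
            setUser(principal); // views read it back with getUser()
        }
    }

    public void onRequestEnd(HttpServletRequest request,
                             HttpServletResponse response) {
        // Nothing to clean up; the identity lives on the application.
    }
}
```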