With Vaadin6 I have been using a form based authentication defined in the web.xml file. Since the Vaadin application was not mapped to the root, I also had to add a mapping for “/VAADIN/*” in order to have it working.
The problem is that it seems that, since Vaadin7, the UIDL requests seem to go trough the path “/UIDL/". I tried adding a mapping to it like I had to do with "/VAADIN/”, but it seems that UIDL queries get the start HTML page of Vaadin instead of the expected UIDL response.
Here is a digest version of the web.xml file I tried to use:
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>VaadinTestApp</servlet-name>
<servlet-class>com.vaadin.server.VaadinServlet</servlet-class>
<init-param>
<description>Vaadin entry point</description>
<param-name>UI</param-name>
<param-value>test.vaadin.VaadinTestApp</param-value>
</init-param>
<init-param>
<description>Vaadin widgetset</description>
<param-name>widgetset</param-name>
<param-value>test.vaadin.VaadinTestAppWidgetSet</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>VaadinTestApp</servlet-name>
<url-pattern>/VaadinTestApp/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>VaadinTestApp</servlet-name>
<url-pattern>/VAADIN/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>VaadinTestApp</servlet-name>
<url-pattern>/UIDL/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>VaadinTestApp</servlet-name>
<url-pattern>/index.jsp</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>vaadinPages</web-resource-name>
<url-pattern>/VaadinTestApp</url-pattern>
<url-pattern>/VAADIN/*</url-pattern>
<url-pattern>/UIDL/*</url-pattern>
<url-pattern>/index.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>testUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test_web</realm-name>
<form-login-config>
<form-login-page>/WEB-INF/login.jsp</form-login-page>
<form-error-page>/WEB-INF/login.jsp?errorHappened=true</form-error-page>
</form-login-config>
</login-config>
Does anyone has the same problem and is there a particular reason why UIDL requests need their own dedicated mapping?