form based authentication possible?


Is it possible to use form based authentication with Vaadin?

I just put the following into my app:


		<description>admin role</description>

and I get:

javax.servlet.ServletException: Failed to load application class: com.refineddata.cvm.xyzApplication

I actually just want to secure a particular url (like ‘/admin’) but thought the simple case above would facilitate discussion.

Thank you!


Anyone? Am I trying something not supported?



Sure, you can either:

  1. Move your application from /* to /something/* and then the login html pages won’t start up Vaadin.
  2. Add a mapping for the specific html pages to the html pages. A mapping to those files will be more specific than /* and so will match the html pages rather than the Vaadin app.

(For #2 you might need to play around with it a little; I don’t recall the exact syntax.)

There’s an example of #1 here. It says EE 6 in it but the web.xml info should apply to EE 5 as well:

Note that with Java EE6, you can login directly from the Vaadin app and skip form-based login completely:


Hi Bobby,

Thanks for the suggestion. I tried #2, but couldn’t get it to work, so did #1 without much fuss.

Thanks for your help!


Glad you got it working! Just out of curiosity, what problem did you run into with #2?


Vaadin wouldn’t work right if a mapping was more specific than '/', the application would simply not load. It only worked if (as in suggestion #1) it was mapped to /xxx/. Give it a try if you are curious, easy to reproduce.



If your application mapping is something else than “/", you also need a mapping (to the same servlet) for "/VAADIN/” - for more information, check
the book
or various related forum posts.

Hi Mark,

I meant it more like this: map /* to your Vaadin application, and map /userauth/* or something similar to the JSP/HTML files you need for form-based authentication. You can protect /* with a security constraint that still allows access to the login form for the j_security_check.

The alternative is to map /foo to your Vaadin app, and as others point out you need to map /VAADIN/* as well. If it will help, I could post an example of form-based auth with Vaadin that keeps Vaadin mapped to /*. I think I can recall how to do that. :slight_smile: