JEE Security


I’ve found some references on how to get Vaadin working with JEE security prior to 7, but I can find nothing about security, JEE, principle mapping etc for Vaadin 7.

All I want to be able to do is login using a login form, post to j_security_check, create an authenticated session and make sure that session carries through to the Vaadin application.

I can logon to the container, using FORM based authentication, but as soon as I hit the Vaadin application I get not authorised exceptions.

Are there any resources available that would help me with the above? (or am I completely missing the point and there is another way to do security in Vaadin?)


Since Vaadin doesn’t really do post-requests, your best bet is to create a JSP login page that redirects to a Vaadin app URL after successful login. The credentials can then be found using normal servlet methods. It makes loading the first page much faster as well, and reduces memory usage (since you only create a Vaadin session when actually needed).