Restricting the view access - Spring security Role based with vaadin


I am using Vaadin 7 with Spring and Hibernate, and I am implementing Spring Security. When the user logs in to my application, I first get the information from our company site (using LDAP). As of now it is going very well!

I have 2 views for my application: Error View and Transaction View. Now, based on the user role, I need to restrict the Vaadin view.

I have only 2 roles, Market Responsible and Admin. If the user is Market Responsible I need to show only the Error View; if the user is Admin I want to show both views, that is, the Error View as well as the Transaction View.

I am using DiscoveryNavigator to navigate.

Technical Info:


1) Step 1:
When the user types the URL, what I am calling looks like:

@Title("Transaction Type Manager")
public class MainUI extends UI {
private static final long serialVersionUID = 1L;

final static Logger logger = LoggerFactory.getLogger(MainUI.class);

protected void init(VaadinRequest request) {
    DiscoveryNavigator navigator = new DiscoveryNavigator(this, this);

2) Step 2:
From here it then displays the Login View:

public class LoginView extends VerticalLayout implements View, Button.ClickListener {

private ApplicationContext applicationContext;

private static final long serialVersionUID = 1L;

public static final String NAME = "";

final static Logger logger = LoggerFactory.getLogger(LoginView.class);

private TextField user = null;
private PasswordField password = null;
private Button loginButton = null;

public void enter(ViewChangeEvent event) {

/**
 * Presents input fields for username and password and a button for login. If the credentials were correct and the user is authorized for the
 * application, the login view will redirect the user to another view.
 */
public LoginView() {

    VerticalLayout layout = new VerticalLayout();
    VerticalLayout elements = new VerticalLayout();


    user = new TextField("Username");
    password = new PasswordField("Password");
    loginButton = new Button("Login", this);



    layout.setComponentAlignment(elements, Alignment.MIDDLE_CENTER);


public void buttonClick(ClickEvent event) {

    String username = this.user.getValue();
    String password = this.password.getValue();

    ActiveDirectoryLdapAuthenticationProvider authenticationManager = (ActiveDirectoryLdapAuthenticationProvider) applicationContext

    try {
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);

        Authentication authentication = authenticationManager.authenticate(token);


        List<?> list = (List<?>) authentication.getAuthorities();
        boolean isRoleAdmin = false;


        if (list != null && !list.isEmpty()) {
            for (int i = 0; i < list.size(); i++) {
                if ("SEIT TransactionTypeManager Admin".equalsIgnoreCase(list.get(i).toString())) {
                    isRoleAdmin = true;
                } else if ("SEIT TransactionTypeManager Market Responsible".equalsIgnoreCase(list.get(i).toString())) {

        if (isRoleAdmin) {

    } catch (BadCredentialsException e) {
        getUI().getNavigator().navigateTo(LoginView.NAME);
        "You have entered the wrong Username or Password. Please try again!", 


    } catch (ActiveDirectoryAuthenticationException e) {
        "Login failed. You are not authorized for this application!", Type.WARNING_MESSAGE);



I am a bit confused about how to handle the part marked in red. I know the above code in red does not look good. How can I implement restricting the view?

Any idea would be appreciated.
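
An added example, not part of the original post: a role check made only at login does not stop a logged-in user from opening another view by its name in the URL fragment, so the check belongs in a ViewChangeListener that runs before every navigation and denies by default. It assumes the successful Authentication from the login step has been stored in the Spring SecurityContext and is visible on the request thread, and that DiscoveryNavigator accepts a standard Vaadin ViewChangeListener; the view names "error" and "transaction" are hypothetical, the role strings are the ones from the post.

```java
import java.util.*;
import com.vaadin.navigator.ViewChangeListener;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/** Added example: deny-by-default role check run before every view change. */
public class RoleViewGuard implements ViewChangeListener {
    private static final long serialVersionUID = 1L;

    // Role names as they appear in the post (compared exactly here).
    static final String ADMIN = "SEIT TransactionTypeManager Admin";
    static final String MARKET = "SEIT TransactionTypeManager Market Responsible";

    // View names are assumptions; use the names registered with the navigator.
    static final String LOGIN_VIEW = "";               // LoginView.NAME in the post
    static final String ERROR_VIEW = "error";
    static final String TRANSACTION_VIEW = "transaction";

    // View name -> roles allowed to open it. A view missing here is denied.
    private final Map<String, Set<String>> allowed = new HashMap<String, Set<String>>();

    public RoleViewGuard() {
        allowed.put(ERROR_VIEW, new HashSet<String>(Arrays.asList(ADMIN, MARKET)));
        allowed.put(TRANSACTION_VIEW, Collections.singleton(ADMIN));
    }

    @Override
    public boolean beforeViewChange(ViewChangeEvent event) {
        String target = event.getViewName();
        if (LOGIN_VIEW.equals(target)) return true;    // the login view is public

        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Set<String> roles = allowed.get(target);
        if (auth != null && auth.isAuthenticated() && roles != null) {
            for (GrantedAuthority granted : auth.getAuthorities()) {
                if (roles.contains(granted.getAuthority())) return true;
            }
        }
        // Not logged in, unknown view, or role not permitted: veto and go to login.
        event.getNavigator().navigateTo(LOGIN_VIEW);
        return false;
    }

    @Override
    public void afterViewChange(ViewChangeEvent event) { }
}
```

Register it once in MainUI.init with `navigator.addViewChangeListener(new RoleViewGuard());`. Hiding the Transaction View link from Market Responsible users is then only a convenience, since the listener is what enforces the restriction.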