Role security access to row, column, and function

I’ve been developing a web application for a number of years and it has grown significantly but progress is slow since we are using an old page-level framework. I’m looking at v2 of the software to upgrade to AJAX, web2.oh, and faster development. Our security is very dynamic and fully user (admin) customizable and I want to see if we can accomplish something similar with Vaadin.
We restrict access to rows based on user-deefined security roles. For example, show employee data for rmpployees who work in this department and this location.
We restrict acces to functions like process payroll and reprint checks as defined in the current user’s role.
We also restrict access to specic columns and groups of columns as defined in the role.

A Vaadin application runs in the server, so you should be able to use your existing security framework if it is not too embedded in the current business logic.

Did you have any specific questions or issues about how you should go about it with Vaadin?

the questions meaning look like this maybe:

for example, i’ve some users, menus (including actions(componen/module)), and roles;

every role, have some menu, example;

role : user_billing
menu: - billing(show billing form)
- report by day transaction (show report)

role : user_finance
menu: - finansial report(show fianncial reporting)
- financial transaction (show form transaction financial)

role : user_admin
menu: - users(show user management)
- menus (menu management)
- Roles (roles management)

and then we have user with one or more role, like user “carl” have “user_billing, user_finance” role. so, when “carl” login, just have menu get from role to display in application. mybe you can imagine that. how can be it when we using vaadin?? i has develope application like this in struts2, get the menu/action by DWR using session in java. but i confuse how to implement on vaadin.

and also, how to every action in vaadin always checking a user logged on system. if not login or session expired show the alert message.

sorry my english bad, hope you understand what i am meaning.
thank you so much for the help and advice.

There are frameworks on top of Vaadin in the
that can help you get started and help you with authentication etc.
Take a look e.g. at

You can also search in the forum for Shiro (a simple authentication framework) or Spring Security (somewhat more tricky to set up correctly for Vaadin) etc. - even if you are not using them, the posts might help you by showing examples of approaches that work and maybe additional links.

For menus, at least if they only depend on the user who is currently logged in, it should be easy to check the roles of the user and construct the menu accordingly.

thanks Henry, i’ll try to use AppFoundation for my app. i’m still find right way to build my custom authorization.
can you show me example how to construct the menu accordingly.?? i still can’t imagine how its work. thx

Your security system should have a way for you to get the current principal ( = user) and his roles.

When you construct the menu (make an array of actions available), just check for each action that you add whether the user has a role permitting that action.