Session how to handle?

OnDemand · September 29, 2024, 6:34pm

Hi there,

How does vaadin recognize different users along different views?

Lets say User A visits /home and there he get shown his personal data, then he visits /orders and he sees his orders.

Usually Spring handles this, when used, right? But what if i dont use spring? Do i need to save a token/customerno what ever, in the session and read it in onAttach to get his data and fill the forms?

knoobie · September 29, 2024, 6:49pm

Vaadin does not store anything user related itself. It’s up to you or your servlet container

OnDemand · September 29, 2024, 6:55pm

Okay so setting a customer number or any identifier to the servlet session will do it and if i want to show user related data i get the session attribute on page visit and load its data?

The session is stored serverside and connected through a browser cookie?

knoobie · September 29, 2024, 7:05pm

Yeah, I personally would suggest to use a framework to handle security / authorization / authentication before doing it yourself and creating a potential security problem down the road (spring / shiro)

OnDemand · September 30, 2024, 5:43am

I am using Spring in my project. But in this special case a user comes (already auhenticated) from another portal (which sends a token as URL Parameter) I decrypt it (i have the key) and then i know who the user is.

And now i need to have the possiblity to show user relevant details on several views.

In Spring i would use the SecurityContextHolder to get the logged in User or?

jorg.heymans · September 30, 2024, 6:43am

You’re looking at implementing the pre-authentication scenario: Authentication :: Spring Security

OnDemand · September 30, 2024, 6:52am

Thank you! Sound like what i need but also sounds a little oversized. Because i only have 2 or 3 views for this case, so using the vaadin session would a little less work, isnt it?

fedorko · October 3, 2024, 6:52am

I am currently using VaadinSession and it works very vell.

    VaadinSession session = VaadinSession.getCurrent();

    // saving object with my data (AppContext class) to context
    AppContext context = new AppContext();
    session.setAttribute(AppContext.class, context);

    // retrieving my data from context, usually to display user name in Parent Layout
    VaadinSession session = VaadinSession.getCurrent();
    Object savedContext = session.getAttribute(AppContext.class);
    if (savedContext instanceof AppContext ctx)
        doSomethingWithMyData (ctx);

Hope this will help …