Spring Security + Vaadin App Layout Menu

Hello,

I have the problem that when I secure an application with Spring Security, my user can’t access a route that is forbidden for him when I call the route directly via URL. But if I implement an AppLayoutMenu and add a MenuItem for the forbidden route, the user is able to access it without a problem.

I know the menu will be constructed in such a way that the user can’t see this entry, but either way I’d like to close this door. Any suggestions?

Best regards

I would recommend implementing BeforeEnterObserver in the routes, checking the access rights in beforeEnter, and rerouting, e.g. back to the main view or something like that, if there are not sufficient access rights.

Alternatively, you could use the @Secured annotation provided by Spring Security on the view with restricted access, provided that you have user role management done also with Spring Security.
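The two suggestions above combined, as an added example that is not part of the original thread: the view declares its required role with `@Secured` and enforces it in `beforeEnter`, which runs on in-app navigation from a menu item as well as on direct URL access. The names `AdminView` and `ROLE_ADMIN`, and the use of `""` as the main view's route, are assumptions.

```java
// Added example. AdminView, ROLE_ADMIN and the "" route are assumed names.
import com.vaadin.flow.component.html.Div;
import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.router.BeforeEnterObserver;
import com.vaadin.flow.router.Route;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

import java.util.Arrays;
import java.util.List;

@Route("admin")
@Secured("ROLE_ADMIN")
public class AdminView extends Div implements BeforeEnterObserver {

    // Called by the Vaadin router on every navigation to this view,
    // whether it came from a typed URL or from a menu item.
    @Override
    public void beforeEnter(BeforeEnterEvent event) {
        if (!isAccessGranted(getClass())) {
            // Assumption: the main view is registered at the root route.
            event.rerouteTo("");
        }
    }

    // Compares the roles listed in @Secured on the view class with the
    // authorities of the current Spring Security authentication.
    static boolean isAccessGranted(Class<?> viewClass) {
        Secured secured = AnnotationUtils.findAnnotation(viewClass, Secured.class);
        if (secured == null) {
            return true; // view declares no restriction
        }
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return false; // not logged in: deny by default
        }
        List<String> allowed = Arrays.asList(secured.value());
        return auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch(allowed::contains);
    }
}
```

The same `isAccessGranted` check can be reused when building the menu, so the menu entries shown and the routes actually reachable are decided by one rule.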