Trying to redirect user from RequestHandler to authenticate with AzureAD

I’m trying to authenticate user with AzureAD and I want to redirect user by implementing a RequestHandler in


@Override
public void serviceInit(ServiceInitEvent event) {
event.addRequestHandler(```
Can I redirect user to my authentication endpoint from RequestHandler?

Trying to redirect user from RequestHandler to authenticate with AzureAD

I think you’ll have an easier time (and get a more secure app) if you instead configure Spring Security to handle it. It’ll be the same as for Google, but with different URLs in the config. OAuth 2 and Google Sign-in for a Vaadin Application | Vaadin

Or if you have a paid subscription, you can use the new SSO kit as well Getting Started | SSO Kit | Tools | Vaadin Docs

And if not using Spring (or Spring Security), use Location header in the RequestHandler:

    @Override
    public boolean handleRequest(VaadinSession session, VaadinRequest request, VaadinResponse response) throws IOException {
        if(request.getParameter("g") != null) { // whatever logic to detect the situation to redirect
            response.setStatus(308);
            response.setHeader("Location", "https://google.com/");
            return true;
        }
        return false;
    }

Thank you @secure-leopard for the google example.

And thank you @quintessential-ibex that’s what I was looking for because my app is not using Spring and I don’t want to add Spring just for authentication

If I’m implementing authentication on my own, what will be more appropriate way to do it, RequestHandle or Servlet Filter? @secure-leopard @quintessential-ibex

I suggest you to use a Filter

Filter can be mapped to intercept all requests (also to different servlet)

Servlet Filter is indeed a good option as well, and you can probably copy paste the solution from some generic example.

Thank you for your suggestions @quintessential-ibex

My main concern was that while using Filter or RequestHandler I was filtering requests between Flow server and client. That’s why I just wanted to make sure that I’m using the best solutions.

Of course, you have to pay attention to allow access to static resources.
You can take a look at the rules applied by vaadin-spring addon