Trying to redirect user from RequestHandler to authenticate with AzureAD

musical-crane · January 9, 2023, 9:52pm

I’m trying to authenticate user with AzureAD and I want to redirect user by implementing a RequestHandler in


@Override
public void serviceInit(ServiceInitEvent event) {
event.addRequestHandler(```
Can I redirect user to my authentication endpoint from RequestHandler?

musical-crane · January 9, 2023, 10:53pm

marcushellberg · January 10, 2023, 2:16am

I think you’ll have an easier time (and get a more secure app) if you instead configure Spring Security to handle it. It’ll be the same as for Google, but with different URLs in the config. OAuth 2 and Google Sign-in for a Vaadin Application | Vaadin

marcushellberg · January 10, 2023, 2:17am

Or if you have a paid subscription, you can use the new SSO kit as well Getting Started | SSO Kit | Tools | Vaadin Docs

Matti · January 10, 2023, 7:51am

And if not using Spring (or Spring Security), use Location header in the RequestHandler:

    @Override
    public boolean handleRequest(VaadinSession session, VaadinRequest request, VaadinResponse response) throws IOException {
        if(request.getParameter("g") != null) { // whatever logic to detect the situation to redirect
            response.setStatus(308);
            response.setHeader("Location", "https://google.com/");
            return true;
        }
        return false;
    }

musical-crane · January 10, 2023, 12:35pm

Thank you @secure-leopard for the google example.

musical-crane · January 10, 2023, 12:36pm

And thank you @quintessential-ibex that’s what I was looking for because my app is not using Spring and I don’t want to add Spring just for authentication

musical-crane · January 10, 2023, 12:40pm

If I’m implementing authentication on my own, what will be more appropriate way to do it, RequestHandle or Servlet Filter? @secure-leopard @quintessential-ibex

marcoc_753 · January 10, 2023, 1:13pm

I suggest you to use a Filter

marcoc_753 · January 10, 2023, 1:14pm

Filter can be mapped to intercept all requests (also to different servlet)

Matti · January 10, 2023, 6:30pm

Servlet Filter is indeed a good option as well, and you can probably copy paste the solution from some generic example.

musical-crane · January 10, 2023, 7:29pm

Thank you for your suggestions @quintessential-ibex

musical-crane · January 10, 2023, 7:32pm

My main concern was that while using Filter or RequestHandler I was filtering requests between Flow server and client. That’s why I just wanted to make sure that I’m using the best solutions.

marcoc_753 · January 10, 2023, 8:23pm

Of course, you have to pay attention to allow access to static resources.
You can take a look at the rules applied by vaadin-spring addon