Vaadin 7 role based security

I have an Vaadin 7 application working with Spring and currently there is one ADMIN role that can log in into the system and see all views. Now I need to add another role let’s say CO_ADMIN and allow user with this role to view part of views. What is the best way to achieve this?


First, I think it is a good idea to distinct between authenticaton and autorization. We use the springvaadin addon witch integrates Apache Shiro. There is a sample in the source code. If you get the setup of your application right, all to do is a call to the static Method SecutityUtils.getPermisson(String str) to get a permission for the current user. In our Application users, roles and permissions are stored in a SQL Database, so we have to configure the foreign keys that related them and to create the sql queries.