Vaadin redirect to external SSO (AWS Cognito) when trying to access secured view?

I have configured Spring Security + Spring OAuth2 + Spring OIDC libraries.

They work with my REST APIs and force a redirect to the AWS Cognito SSO page.

However, I am having difficulty getting it to work/integrate with Vaadin views.

This is my Spring Security config class


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf()
            .and()
            .oauth2Login()
            .and()
            .logout();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
        web.ignoring().antMatchers("/images/*.png");
        web.ignoring().antMatchers("/");
    }

    @Bean
    public GrantedAuthoritiesMapper userAuthoritiesMapper() {
        return authorities -> {
            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
            authorities.forEach(authority -> {
                if (authority instanceof OidcUserAuthority) { // we should use the OpenID scope when configuring AWS Cognito
                    OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) authority;
                    JSONArray cognitoGroups = (JSONArray) oidcUserAuthority.getAttributes().get("cognito:groups");
                    // The cognito:groups claim is absent when the user belongs to no group
                    if (cognitoGroups != null) {
                        cognitoGroups.forEach(cg -> mappedAuthorities.add(new SimpleGrantedAuthority(cg.toString())));
                    }
                }
            });
            return mappedAuthorities;
        };
    }

I have a Vaadin view with an annotation for one of the authorities; however, when I access the view it does not force me to authenticate.

    @PageTitle("Create Course")
    @Route(value = "create-course", layout = MainLayout.class)
    @RolesAllowed("OPS")
    public class CreateCourseView extends VerticalLayout {

    ...

    }

Is there something I need to configure with Spring Security or with Vaadin to make it force a redirect to auth?

You must use VaadinWebSecurityConfigurerAdapter.

That will enable annotation-based security for your view.

OK, I will try that, thanks.

Still can’t get it to work with Vaadin annotations, but antMatchers on authorizeRequests() works.

And do you call super first in both configure methods?

No

You must do that!

Otherwise Vaadin is not configured.

Understood

Please also stay tuned for upcoming Vaadin updates: component-based Spring Security and native SSO support.

I used this and also added setOAuth2LoginPage(http, "/oauth2/authorization/cognito") so the login works with Cognito. However, I cannot figure out how to log out. Any tips there?
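
The configuration the replies above describe, put together as an added example that is not code from any participant in the thread. It assumes a Vaadin version whose VaadinWebSecurityConfigurerAdapter provides setOAuth2LoginPage (as used in the last message) and a Spring OAuth2 client registration with the id "cognito"; the class name SecurityConfig is hypothetical.

```java
import com.vaadin.flow.spring.security.VaadinWebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

// Hypothetical class name; extends Vaadin's adapter instead of
// Spring's plain WebSecurityConfigurerAdapter.
@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Call super first: this is what configures Vaadin, so that
        // @RolesAllowed / @PermitAll / @AnonymousAllowed on @Route views
        // are evaluated. Without it the view annotations are not enforced
        // and the secured view opens without authentication.
        super.configure(http);

        // Send unauthenticated users to the OAuth2 authorization endpoint.
        // "cognito" is the assumed client registration id, taken from the
        // path quoted in the thread.
        setOAuth2LoginPage(http, "/oauth2/authorization/cognito");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Call super first here as well, so Vaadin is configured
        // before any application-specific exclusions are added.
        super.configure(web);

        // web.ignoring() removes matching requests from the security filter
        // chain entirely: no authentication and no security context on them.
        // Keep the list to static resources only.
        web.ignoring().antMatchers("/images/*.png");
    }
}
```

The GrantedAuthoritiesMapper bean from the question can stay in the same class unchanged; it is left out here only to avoid repeating it.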