Hi everyone, and a happy new year. I need to add some custom data (key-value) to the session or to the JWT. This data is often needed throughout the whole application and is bound to a logged-in user.
I tried to add it to the VaadinSession, but I can't find the right place to add it (it should be added only once, after login).
I am using Spring Security with a UserServiceImpl and DAOAuthenticator.
Currently I have added the following to my MainLayout (constructor), but I don't know if that is reliable. Are there any suggestions?
On the other hand, I use setStatelessAuthentication(http, new SecretKeySpec(Base64.getDecoder().decode(JWT_AUTH_KEY), JwsAlgorithms.HS256),"xx.wp", 86400); isn't there a way to add data to the JWT which I can read from any UI view?
Ah great, thank you! That makes it a lot easier if I want to add more data. Then I can use getters/setters instead of getting the value via the key, which I would need to look up every time.
I have now implemented it, but I have an issue which is not user-friendly. Does anyone have an idea?
I set a customerNumber in the VaadinSession, and a user navigates to a page where I read the customer number from the session. Assume the user keeps this page open and I restart the server. When he then reloads the page, the session is gone and the page shows an NPE because it can't find the customer number in the session.
Would it be better to store this customer number in the browser session?
I think I misused the Vaadin session in this use case.
A cookie is of course also a way. But if the user clears his browser cache and revisits the page some days later, I must implement a check “no cookie? > need to login again”, but the JWT is deleted as well because he deleted his browser data, right? So he must go to the login anyway to log in, which sets the cookie as well.
Another solution would be to get the authenticated user each time I need the customerNo and check the database for the number, using the username of the authenticated user. Then I don't need any storage in the browser because the username is available in Spring Security, right? But this will lead to heavy database requests when a lot of users browse the app at the same time.
Where is the problem? Just get rid of the NPE. You have the user… just query for the customer number again if it’s missing and store it in the session (again) for the really rare occurrence that the server is rebooted.
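
The approach from the last reply, as an added example that is not part of the original thread: the customer number is cached in the VaadinSession and re-derived server-side from the authenticated username whenever it is missing, so nothing client-controlled (cookie, browser storage) decides which customer is shown. CustomerLookup, UserContext and UserContextService are hypothetical names; the lookup stands in for your own DAO.

```java
import com.vaadin.flow.server.VaadinSession;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import java.util.Optional;

// Hypothetical lookup; back it with your own DAO or repository.
interface CustomerLookup {
    Optional<String> findCustomerNumberByUsername(String username);
}

// Hypothetical typed holder (getters instead of string keys).
final class UserContext implements Serializable {
    private final String username;
    private final String customerNumber;
    UserContext(String username, String customerNumber) {
        this.username = username;
        this.customerNumber = customerNumber;
    }
    String getUsername() { return username; }
    String getCustomerNumber() { return customerNumber; }
}

@Component
public class UserContextService {
    private final CustomerLookup lookup;
    public UserContextService(CustomerLookup lookup) { this.lookup = lookup; }

    // Call from UI code (views, listeners), where the session lock is held.
    public Optional<UserContext> current() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return Optional.empty(); // not logged in: caller redirects to login
        }
        String username = auth.getName();
        VaadinSession session = VaadinSession.getCurrent();
        UserContext cached = session.getAttribute(UserContext.class);
        // Reuse the cached value only if it belongs to the current principal.
        if (cached != null && cached.getUsername().equals(username)) {
            return Optional.of(cached);
        }
        // Missing (e.g. after a server restart): one query, then cache again.
        Optional<UserContext> fresh = lookup.findCustomerNumberByUsername(username)
                .map(number -> new UserContext(username, number));
        fresh.ifPresent(ctx -> session.setAttribute(UserContext.class, ctx));
        return fresh;
    }
}
```

Views call `current()` instead of reading the session attribute directly, so a reload after a restart costs one query rather than an NPE.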