Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

How to use server push effectively

Anil K P
7 years ago May 18, 2015 9:06am
Emmanuelle Victoria
7 years ago May 18, 2015 9:45am
Emmanuelle Victoria
7 years ago May 18, 2015 9:48am
Anil K P
7 years ago May 18, 2015 9:54am
Emmanuelle Victoria
7 years ago May 18, 2015 10:10am

Yes you need to register almost all UI's - UI's that have Users with appropriate user level. 

  1. User logs in into the application.
  2. Check user's level.
  3. If user's level is high enough like an admin level, register the UI to the Broadcaster so you can receive messages.
  4. If user's level is not high enough, don't register the UI.

For me there is no other way than this which is like a publish-subscribe pattern. Checking the user's level and registering the UI upon login won't even degrade your application's performance, as these are not big operations.

Anil K P
7 years ago May 18, 2015 10:33am

I was following almost the same way. I thought It will affect my application performance. 
Thank you Victoria for your valuable suggestion. 

Marko Grönroos
7 years ago May 18, 2015 11:26am


I guess that's one way to do it, although it is a bit problematic from security viewpoint to check authorization only when the session is created. While it might not be a huge problem to log out and in if access rights are increased, it is a security problem if reduction in access rights is not applied immediately. Therefore, I'd recommend checking for the authorization in the access() calls to the UIs. If it's not needed to check for increase of access rights immediately, use in combination to what was suggested above.

Anil K P
7 years ago May 19, 2015 7:46am