Important Notice - Forums is archived
To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.
Authentication + Navigator7
What is the recommended best practice for handling user authentication in a Vaadin app built on Navigator7?
I understand that in a typical Vaadin app the user credentials can be stored on the session or in a ThreadLocal object and the login component is swapped-out and replaced by the main ui component once authentication succeeds. With Navigator7 the application model seems to change a bit and its not clear to me how this is best handled.
Is there any way to intercept all page requests to check that the current user is already authenticated before proceeding to the requested page? Or is there a simpler way to accomplish this?
Gary
Well, there is the "let the application server do it" way as explained by Petter Holmström's excellent article -- Securing the Web Layer
The idea is to retrieve the user using
Principal principal = request.getUserPrincipal();
and use
application.setUser()
to make it available to the Vaadin app.