Get started
Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

Where to include a web components css file when integrating a third party w by Martin Vyšný, 1 week ago
Recent Posts
Vaadin Forum1. Vaadin Flow - Java

Authentication + Navigator7

Gary Piercey
10 years ago Feb 16, 2012 11:05pm

What is the recommended best practice for handling user authentication in a Vaadin app built on Navigator7?

I understand that in a typical Vaadin app the user credentials can be stored on the session or in a ThreadLocal object and the login component is swapped-out and replaced by the main ui component once authentication succeeds. With Navigator7 the application model seems to change a bit and its not clear to me how this is best handled.

Is there any way to intercept all page requests to check that the current user is already authenticated before proceeding to the requested page? Or is there a simpler way to accomplish this?

Gary

Last updated on Feb, 16th 2012
Jean-François Lamy
10 years ago Feb 17, 2012 2:00am

Well, there is the "let the application server do it" way as explained by Petter Holmström's excellent article -- Securing the Web Layer

The idea is to retrieve the user using 

Principal principal = request.getUserPrincipal();

and use 

application.setUser()

to make it available to the Vaadin app.

Last updated on Feb, 17th 2012