Get started
Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

CssImport when using Component Exporter by Mikhail Shabarov, 1 month ago
Recent Posts
Vaadin Forum3. Vaadin 6, 7, 8

Vaadin + Jaas + Apache Shiro

Christian Gdawietz
5 years ago Oct 19, 2016 9:07am

During following the tutorials and linked code examples I run into an issue by running an example application which is using Apache Shiro and Jaas for authentication. The source code I currently have troubles with can be found under https://github.com/peterl1084/cdiexample . The original code has an issue that you can access views even if you are not logged in (https://github.com/peterl1084/cdiexample/issues/7). I could fix this by using an annotation for the views:

@RolesAllowed("user")

But after the change the roles of the user does not get updated and all views are hidden / not accessible until I refresh the page. When I'm logging the access to isUserInRole() in class ShiroAccessControl, the roles are only retrieved / checked when the page is loaded, but not when views are changed. Is there a solution to tell the JaasAccessControl to reload the user roles after successful login? Maybe someone ran into the same issue and already has found a fix?

/edit: Found a simple fix by calling Page.getCurrent().reload() after the login.