Spring Security - Vaadin Versions

Umit4 · December 4, 2018, 7:19am

Hi i know there is a lot of questions about Spring Security mechanism & Vaadin login

i have projects build with vaadin7 ( not using spring sec. )

now i updated it to vaadin8 based on Vaadin8 Bakery App sample. Even that project uses html to interact with Spring Sec.

And vaadin 10 using html (also polymer i guess) as well.

So do i need to accept the fact that there will be no spring security implementation with native java ever ?

Gualtiero1 · December 4, 2018, 4:48pm

Hi Umit,

I’m working with a Vaadin 12 + Spring Boot 2 + Spring Security and security works.

I’m not sure what do you mean with “uses html to interact with Spring Sec”. Do you mean the login form?

Please give us more details.

Gualtiero

Umit4 · December 4, 2018, 6:32pm

Hi Gualtiero , Thanks for the reply.

Yes i meant login form. ( login . html to be exact )

i am a java developer. the whole point i love vaadin that i dont have to learn all those other techs.

any code sample of your app? i just wonder the login & auth process.

-umit.

Gualtiero1 · December 5, 2018, 7:18am

Hi Umit,

I believe you have, in your application, a Spring Security configuration class like the following:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http...
    }

where you can define your security and which is your login page.

You can have Spring Security create one for you (“formLogin”, see Spring Security documentation for more details https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html) or you can define one of your own (loginPage(“/login”)) which can be implemented in different ways: template view, JSP, Vaadin,…Your choice.

Actually we use OAuth in our appolication so the login page is from the Identity Provider.

Gualtiero

Thomas534 · December 5, 2018, 8:39am

Umit KIRTIL:

So do i need to accept the fact that there will be no spring security implementation with native java ever ?

There is an official Spring Security integrationplanned for Vaadin 14 coming next May.
https://github.com/orgs/vaadin/projects/1#card-13733072

Umit4 · December 5, 2018, 9:00am

Tamas Mucs:

Umit KIRTIL:

So do i need to accept the fact that there will be no spring security implementation with native java ever ?

There is an official Spring Security integrationplanned for Vaadin 14 coming next May.
https://github.com/orgs/vaadin/projects/1#card-13733072

Thanks Tamas , this was exactly what i am expecting. i will stick with the Vaadin 8 Until May. Then i’ll give it a try.

Thanks for notice i didnt see that card.

Btw i dont know remember which post i read that we can call vaadin 12 to Vaadin 10.2 , 13 to 10.3 … etc. right ?

i mean there is big differences between 8 to 10 and we cant just update the version in pom. but this no issue between 10 and 11 , 12 , 13 … right ?

Umit4 · December 5, 2018, 9:03am

Gualtiero Testa:
Hi Umit,

I believe you have, in your application, a Spring Security configuration class like the following:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http...
    }
where you can define your security and which is your login page.

You can have Spring Security create one for you (“formLogin”, see Spring Security documentation for more details https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html) or you can define one of your own (loginPage(“/login”)) which can be implemented in different ways: template view, JSP, Vaadin,…Your choice.

Actually we use OAuth in our appolication so the login page is from the Identity Provider.

Gualtiero

i have a login form yes … but my login submit button written in java cant trigger spring sec’s auth system. this is my problem. and why i need your code sample of Login Form and Button.

can you post it ? or Like Tamas mentioned i have no problem waiting until May. Kind Regards

Thomas534 · December 5, 2018, 9:35am

Umit KIRTIL:
Btw i dont know remember which post i read that we can call vaadin 12 to Vaadin 10.2 , 13 to 10.3 … etc. right ?

i mean there is big differences between 8 to 10 and we cant just update the version in pom. but this no issue between 10 and 11 , 12 , 13 … right ?

AFAIK versions 10.x.x is referred to as Vaadin 10, and so are versions 11.x.x referred to as Vaadin 11. From 10.0 going on the Vaadin team has decided to release major versions in a faster pace, see https://vaadin.com/roadmap.

I am not aware of any backwards incompatibility issues from 12.x to 10.x.