Authentication and Authorization Implementation from (Data-Centric Applicat

Hi there,

I was testing the Authentication and Authorization Implementation from Alejandro’s Data-Centric Applications Book.

I realized that it seems not to work well when I started implementing Routing and Navigation in Vaadin 10, since even if you are not authenticated in the app you are allowed to access many other views by typing the actual routes into the browser.

Take a look at the attachments; you will see that by typing the routes into the URL you can actually go to the views that are supposed to be private.

Is there any way that with the same Authentication and Authorization implementation one can make use of Routes and Navigation without compromising the security of the app?


Hello. I think I found a solution.

Researching a little, I found the BeforeEnterObserver interface, which I implemented. It allows me to check whether the user has been authenticated and the session is still active; if not, I just reroute the user to the login view. Something like this:

import com.vaadin.flow.component.html.Div;
import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.router.BeforeEnterObserver;

// The private view implements BeforeEnterObserver, so the check runs before the view is entered.
public class PrivateView extends Div implements BeforeEnterObserver {
    @Override
    public void beforeEnter(BeforeEnterEvent beforeEnterEvent) {
        // Not authenticated (or session expired): reroute to the login view instead of showing this one.
        if (!AuthService.isAuthenticated()) {
            beforeEnterEvent.rerouteTo(PublicSide.class);
        }
    }
}

It’s working for me so far. But if you have a better way to do it, don’t hesitate to share your thoughts.
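One weakness of the per-view approach above is that every private view has to remember to implement BeforeEnterObserver; a single forgotten view is reachable by URL again. The following is an added example (not code from the thread or from the book) that registers one guard for the whole application instead: a VaadinServiceInitListener attaches a BeforeEnterListener to every UI, so the check runs on every navigation regardless of which view is the target. It assumes the AuthService.isAuthenticated() method and the PublicSide login view from the thread, and it treats PublicSide as the only route reachable without authentication. In a plain Vaadin 10 (non-Spring) project the listener is registered through a META-INF/services/com.vaadin.flow.server.VaadinServiceInitListener file containing the class name.

```java
import java.util.Collections;
import java.util.Set;

import com.vaadin.flow.component.UI;
import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.server.ServiceInitEvent;
import com.vaadin.flow.server.VaadinServiceInitListener;

/**
 * Application-wide navigation guard (added example).
 *
 * Registered once per VaadinService, it runs on every route change in every
 * UI, so no individual view needs to implement BeforeEnterObserver and none
 * can be forgotten. AuthService.isAuthenticated() and PublicSide are assumed
 * to exist exactly as in the thread; PublicSide is the login view.
 */
public class AuthGuardInitListener implements VaadinServiceInitListener {

    // Allowlist: the only navigation targets reachable without a session.
    // Everything not listed here is private by default (fail closed).
    private static final Set<Class<?>> PUBLIC_VIEWS =
            Collections.singleton(PublicSide.class);

    @Override
    public void serviceInit(ServiceInitEvent event) {
        // Hook every new UI so the guard is attached before any navigation happens.
        event.getSource().addUIInitListener(uiEvent -> {
            UI ui = uiEvent.getUI();
            ui.addBeforeEnterListener(this::guard);
        });
    }

    // Called before each navigation target is entered, including direct URL entry.
    private void guard(BeforeEnterEvent enterEvent) {
        Class<?> target = enterEvent.getNavigationTarget();

        if (PUBLIC_VIEWS.contains(target)) {
            return; // login view (and any other listed public view) is always reachable
        }

        if (!AuthService.isAuthenticated()) {
            // Unauthenticated or expired session: replace the requested view
            // with the login view. rerouteTo keeps the original URL out of
            // the rendered content, so nothing private is shown.
            enterEvent.rerouteTo(PublicSide.class);
        }
    }
}
```

Because the allowlist is the only place where a route is declared public, adding a new view to the application leaves it private unless someone explicitly adds it to PUBLIC_VIEWS, which is the safer default when routes can be typed into the address bar.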

Has anyone found a better solution for this? I find the current implementation workable at the moment.