Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

Vaadin Flow (Vaadin 12) with Spring Security 5 Example

Teddy Nyambe
4 years ago Dec 27, 2018 6:46am
Tatu Lund
4 years ago Dec 27, 2018 7:36am
Teddy Nyambe
4 years ago Jan 02, 2019 12:31pm
Teddy Nyambe
4 years ago Jan 03, 2019 8:25am

I have implemented security very basic following the Bakery App. My Java Security Configuration looks like this now:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                    .antMatchers("/")
                    .permitAll()
                .anyRequest()
                    .authenticated();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                "/VAADIN/**",
                "/frontend/**",
                "/images/**",
                "/frontend-es5/**", "/frontend-es6/**"
        );

    }
}

The application is working. But I have noticed that accessing other "routes" like "ui/mypage" using the app its opening but when i refresh the page "ui/mypage" using browser the page is being blocked as restricted which i want to happen when i click on the menu. How does vaadin enforce this configuration when making a call via route mechanism behaviour (ajax).

Teddy L.

Paul Römer
3 years ago Mar 27, 2019 5:16am

Hi,

we added a new tutorial about Spring Security and Vaadin: https://vaadin.com/tutorials/securing-your-app-with-spring-security

Maybe, it's worth a try for you? Also, I am very interested in feedback for future improvements. One additional suggestion was to talk about the new Vaadin login component that simplifies the whole task a lot.

Cheers, Paul