Vaadin Flow (Vaadin 12) with Spring Security 5 Example

Teddy7 · December 27, 2018, 6:46am

Hi All,

Is there an example to specifically showing how to use Spring Security with Vaadin Flow (Vaadin 12)?

Teddy L.

Tatu2 · December 27, 2018, 7:36am

You could download this project https://vaadin.com/start/latest/full-stack-spring

It demonstrates how to use Vaadin Flow with Spring Boot including Security.

Teddy7 · January 2, 2019, 12:31pm

Tatu Lund:
You could download this project https://vaadin.com/start/latest/full-stack-spring

It demonstrates how to use Vaadin Flow with Spring Boot including Security.

Looked at that but for a newbie like me the Bakery app is very complex, but gives a few ideas. Like I added the maven dependency for spring-boot-starter-security, just adding this i got the login window. I further created a configuration class that extends the WebSecurityCongurerAdaptor spring class as follows:

@Configuration
@EnableWebSecurity
public class SecurityCOnfiguration extends WebSecurityConfigurerAdapter {
  @Override
  proetected void configure(HttpSecurity http) throws Exception {
     http.authorizeRequests().antMatchers("/**").permitAll();
  }
}

When I try to access the chatapp, i am getting the error:

Server connection lost, trying to reconnect…

When I disable security my chatapp starts working.

The chatapp am using is the one in the examples.

Teddy L.

Teddy7 · January 3, 2019, 8:25am

I have implemented security very basic following the Bakery App. My Java Security Configuration looks like this now:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                    .antMatchers("/")
                    .permitAll()
                .anyRequest()
                    .authenticated();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                "/VAADIN/**",
                "/frontend/**",
                "/images/**",
                "/frontend-es5/**", "/frontend-es6/**"
        );

    }
}

The application is working. But I have noticed that accessing other “routes” like “ui/mypage” using the app its opening but when i refresh the page “ui/mypage” using browser the page is being blocked as restricted which i want to happen when i click on the menu. How does vaadin enforce this configuration when making a call via route mechanism behaviour (ajax).

Teddy L.

paro · March 27, 2019, 5:16am

Hi,

we added a new tutorial about Spring Security and Vaadin: https://vaadin.com/tutorials/securing-your-app-with-spring-security

Maybe, it’s worth a try for you? Also, I am very interested in feedback for future improvements. One additional suggestion was to talk about the new Vaadin login component that simplifies the whole task a lot.

Cheers,
Paul