Secure Vaadin 14 login form

Hello,

I wanted to ask how to create a secure login.

I have only one login view so far and wanted to ask how I can change the view after a successful login. The login check via a MySQL database also runs without problems. I just don't want someone to simply add "dashboard" to the URL and skip the login.

@Route("login")
@PageTitle("Login")
public class LoginView extends VerticalLayout {

    private final LoginService loginService;

    private LoginOverlay loginOverlay = new LoginOverlay();

    public LoginView(LoginService loginService) {
        this.loginService = loginService;

        this.loginOverlay.setOpened(true);
        this.loginOverlay.setForgotPasswordButtonVisible(false);
        this.loginOverlay.setDescription(null);
        this.loginOverlay.setEnabled(true);

        this.loginOverlay.addLoginListener(e -> {
            if (this.loginService.authenticateUser(e.getUsername(), e.getPassword())) {

                // ?

            } else {
                this.loginOverlay.setError(true);
            }
        });

        this.add(loginOverlay);
    }

}

I'd suggest looking at the Vaadin demo in terms of how they do this - the bakery demo has security and roles set up.

In short, you can add roles to your user object, which works directly with Spring.
Then you can annotate your views with the roles that are allowed to navigate to that Route.
e.g. @Secured("admin")

If the current security context user doesn't have the required permissions, they will be bounced to your pre-defined URLs.

There's also a tutorial on doing a custom version of this if you need finer-grained control:
https://vaadin.com/tutorials/securing-your-app-with-spring-security/fine-grained-access-control
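
An added example, not code from this thread or from the Vaadin demos: a navigation guard for Vaadin 14 with Spring that reroutes unauthenticated visitors to `LoginView` and enforces `@Secured` roles on the target view, so typing "dashboard" into the URL does not bypass the login. The class name `NavigationAccessGuard` is hypothetical, `LoginView` is assumed to be in the same package, and the check assumes a successful login populates the Spring Security context.

```java
import java.util.Arrays;

import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.router.NotFoundException;
import com.vaadin.flow.server.ServiceInitEvent;
import com.vaadin.flow.server.VaadinServiceInitListener;

// Hypothetical class; as a Spring bean it is registered by the Vaadin Spring add-on.
@Component
public class NavigationAccessGuard implements VaadinServiceInitListener {

    @Override
    public void serviceInit(ServiceInitEvent event) {
        // Attach the check to every UI so it runs before any route is entered,
        // including routes typed directly into the address bar.
        event.getSource().addUIInitListener(
                uiEvent -> uiEvent.getUI().addBeforeEnterListener(this::checkAccess));
    }

    private void checkAccess(BeforeEnterEvent event) {
        Class<?> target = event.getNavigationTarget();
        if (LoginView.class.equals(target)) {
            return; // the login view itself must stay reachable
        }
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean loggedIn = auth != null && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
        if (!loggedIn) {
            event.rerouteTo(LoginView.class);
            return;
        }
        Secured secured = AnnotationUtils.findAnnotation(target, Secured.class);
        if (secured == null) {
            return; // design choice here: unannotated views only require a login
        }
        boolean hasRole = auth.getAuthorities().stream()
                .anyMatch(a -> Arrays.asList(secured.value()).contains(a.getAuthority()));
        if (!hasRole) {
            event.rerouteToError(NotFoundException.class); // do not reveal the view exists
        }
    }
}
```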