Hi all,
Is there an alternative for com.vaadin.cdi.access.JaasAccessControl in Vaadin FLOW ? The package com.vaadin.cdi.access has disappeared from library “vaadin-cdi-11.0.1” (since 10.x.x).
We need this utility to use the JBOSS security realm (login, logout, getPrincipal). In fact our complete security mechanism is based on this class.
Can anyone help us ?
Thank you.
Luc
The class JaasAccessControl is not depending on rest of the add-on, so you can easily just copy paste it to your project. It is relying on VaadinServletService.getCurrentServletRequest() method of the framework, which has not changed since Vaadin 8.
@Default
public class JaasAccessControl extends AccessControl implements Serializable {
@Override
public boolean isUserSignedIn() {
Principal principal = getCurrentRequest().getUserPrincipal();
return principal != null;
}
@Override
public boolean isUserInRole(String role) {
return getCurrentRequest().isUserInRole(role);
}
@Override
public String getPrincipalName() {
Principal principal = getCurrentRequest().getUserPrincipal();
if (principal != null) {
return principal.getName();
}
return null;
}
/**
* Logs in the user to underlying container security context using
* configured security domain in deployment descriptor
*
* @param username
* @param password
* @throws ServletException
* if login fails or current session has already been
* authenticated
*/
public static void login(String username, String password)
throws ServletException {
getCurrentRequest().login(username, password);
}
/**
* Logs user out from current container managed security context
*
* @throws ServletException
*/
public static void logout() throws ServletException {
getCurrentRequest().logout();
}
@RequestScoped
public static HttpServletRequest getCurrentRequest() {
HttpServletRequest request = VaadinServletService
.getCurrentServletRequest();
getLogger().info("Getting request " + request);
return request;
}
private static Logger getLogger() {
return Logger.getLogger(JaasAccessControl.class.getCanonicalName());
}
}
public abstract class AccessControl {
/**
* Returns true if some used has logged in.
*
* @return true if a user is logged in
*/
public abstract boolean isUserSignedIn();
/**
* Checks if the current user has a role.
*
* @param role
* @return true if currently logged in user is in given role
*/
public abstract boolean isUserInRole(String role);
/**
* Returns the principal (user) name of the currently logged in user.
*
* @return name of the user that is currently logged in, if no user is
* logged in null will be returned.
*/
public abstract String getPrincipalName();
/**
* Checks if the user has any of the given roles.
*
* @param roles
* @return true if currently logged in user is in some of given roles
*/
public boolean isUserInSomeRole(String... roles) {
for (String role : roles) {
if (isUserInRole(role)) {
return true;
}
}
return false;
}
}
Thank you very much. This will fix my problem.
Luc