Raul83
(Raul Bob)
September 29, 2020, 4:32am
1
Hello,
I’m trying to implement Forget Password functionality in my Vaadin 14 Application and I can’t get the ForgetPasswordView to open.
I routed it like any other View in my app using @Route("forgotpassword").
I try to access it: UI.getCurrent().navigate("forgotpassword");
But it just won’t show up. Should @Route contain something else also? What am I missing?
ollit.1
(Olli Tietäväinen)
September 29, 2020, 6:31am
2
Looks ok to me based on what you shared.
Mayuri3
(Mayuri Bhuva)
September 29, 2020, 6:46am
3
You can navigate using:
UI.getCurrent().navigate(ForgetPasswordView.class);
ollit.1
(Olli Tietäväinen)
September 29, 2020, 6:50am
4
Yes, but the String parameter should work too.
Mayuri3
(Mayuri Bhuva)
September 29, 2020, 6:56am
5
Olli Tietäväinen:
Yes, but the String parameter should work too.
Yes, exactly. I tried that too. And it works as well. I don’t know what the problem is here!
Raul83
(Raul Bob)
October 4, 2020, 4:48am
6
Thank you for the reply. I think it is a Spring Security issue, then. I tried something like: .antMatchers("/forgotpassword**").permitAll()
I tried
web.ignoring().antMatchers("/forgotpassword**")
The search bar shows: http://localhost:8080/forgotpassword but it won’t go to that location. Login page is present still.
Mayuri3
(Mayuri Bhuva)
October 4, 2020, 5:07am
7
Can you show your security configuration code??
Raul83
(Raul Bob)
October 6, 2020, 5:59am
8
@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    public static final String DUMMY_LOGIN = "admin";
    private static final String LOGIN_PROCESSING_URL = "/login";
    private static final String LOGIN_FAILURE_URL = "/login?error";
    private static final String LOGIN_URL = "/login";
    private static final String LOGOUT_SUCCESS_URL = "/login";

    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private CompanyService companyService;
    @Autowired
    private DummyCurrentLogin dummyCurrentLogin;

    /**
     * Registers our UserDetailsService and the password encoder to be used on login attempts.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().antMatcher("/forgotpassword**")
                // Register our CustomRequestCache that saves unauthorized access attempts, so
                // the user is redirected after login.
                .requestCache().requestCache(new CustomRequestCache()) //
                // Restrict access to our application.
                .and().authorizeRequests()
                .antMatchers("/forgotpassword").permitAll()
                // Allow all flow internal requests.
                .requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll() //
                // Secure access to Users view.
                .antMatchers("/users/**").hasAnyAuthority(UserRole.SUPER_ADMIN.name(), UserRole.ADMIN.name())
                // Secure access to Companies view.
                .antMatchers("/companies/**").hasAuthority(UserRole.SUPER_ADMIN.name())
                // .antMatchers(
                // "/forgotpassword**").permitAll()
                // Allow all requests by logged in users.
                .anyRequest().authenticated() //
                // Configure the login page.
                .and().formLogin().loginPage(LOGIN_URL).permitAll() //
                .loginProcessingUrl(LOGIN_PROCESSING_URL) //
                .failureUrl(LOGIN_FAILURE_URL)
                // Configure logout
                .and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(
                "/VAADIN/**",
                "/favicon.ico",
                "/robots.txt",
                "/manifest.webmanifest",
                "/sw.js",
                "/offline.html",
                "/icons/**",
                "/images/**",
                "/styles/**",
                "/h2-console/**");
    }

    /**
     * The password encoder to use when encrypting passwords.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
    public CurrentLogin currentLogin(UserRepository userRepository) {
        final String username = SecurityUtils.getUsername();
        if (DUMMY_LOGIN.equals(username)) {
            return dummyCurrentLogin.get();
        }
        Optional<User> optionalUser = userRepository.findByEmailIgnoreCase(username);
        if (optionalUser.isPresent()) {
            Optional<Company> optionalCompany = companyService.findById(optionalUser.get().getCompanyId());
            if (optionalCompany.isPresent()) {
                return new CurrentLoginImpl(optionalUser.get(), optionalCompany.get());
            }
        }
        return null;
    }
}
Mayuri3
(Mayuri Bhuva)
October 6, 2020, 6:25am
9
Your code looks fine and it should work. I don’t know why it’s not working. According to your code, “/forgotpassword” doesn’t need any authentication.
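
A check a reader can run against the configuration posted in reply 8: in Spring Security, `http.antMatcher(...)` sets the scope of the whole filter chain, while `authorizeRequests().antMatchers(...)` only orders rules inside that scope. The class below is an added example, not code from the thread; it replays the posted matchers against constructed paths and assumes spring-security-web 5.x and spring-test on the classpath (`PostedConfigCheck` and `decide` are hypothetical names).

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Added example, not code from the thread. Class and method names are hypothetical.
public class PostedConfigCheck {

    // Chain-level scope from the post: http.csrf().disable().antMatcher("/forgotpassword**")
    static final RequestMatcher CHAIN_SCOPE = new AntPathRequestMatcher("/forgotpassword**");

    // authorizeRequests() rules from the post, in declaration order (first match wins).
    // The SecurityUtils::isFrameworkInternalRequest rule is omitted: that helper is project code.
    static final Map<RequestMatcher, String> RULES = new LinkedHashMap<>();
    static {
        RULES.put(new AntPathRequestMatcher("/forgotpassword"), "permitAll");
        RULES.put(new AntPathRequestMatcher("/users/**"), "hasAnyAuthority(SUPER_ADMIN, ADMIN)");
        RULES.put(new AntPathRequestMatcher("/companies/**"), "hasAuthority(SUPER_ADMIN)");
        RULES.put(AnyRequestMatcher.INSTANCE, "authenticated");
    }

    /** Reports which part of the posted configuration decides access to the given path. */
    static String decide(String path) {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", path);
        request.setServletPath(path); // the matcher reads servletPath + pathInfo
        if (!CHAIN_SCOPE.matches(request)) {
            // FilterChainProxy finds no chain for the request, so no security filter runs.
            return "outside the chain: not checked by Spring Security";
        }
        for (Map.Entry<RequestMatcher, String> rule : RULES.entrySet()) {
            if (rule.getKey().matches(request)) {
                return rule.getValue();
            }
        }
        return "no rule matched";
    }

    public static void main(String[] args) {
        // Constructed sample paths: the public view, a near-miss, login, and the restricted areas.
        String[] paths = {"/forgotpassword", "/forgotpassword2", "/login", "/users/42", "/companies/7"};
        for (String path : paths) {
            System.out.printf("%-18s -> %s%n", path, decide(path));
        }
    }
}
```

Paths reported as outside the chain never reach the `/users/**` and `/companies/**` rules or the form-login filter, so any protection they have must come from elsewhere in the application, for example a Vaadin navigation listener.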