Hi,
I have 3 views:
/
/about
/useronly
I added Spring Security and Keycloak, login is working etc.
BUT when I am logged in and navigate to another menu by using the tab, I can access the menu. When I reload the page I get the error “Access denied”. It looks like the navigation ignores the authentication, or does not reload the page?!
Has anyone an idea?
/**
 * Spring Security setup for a Vaadin application that authenticates through Keycloak.
 *
 * <p>Registers the Keycloak authentication provider, records sessions in a session registry,
 * restricts {@code /about} and {@code /useronly} by role and leaves every other request open.
 *
 * <p>NOTE(review): the rules in {@link #configure(HttpSecurity)} are URL matchers, so they are
 * evaluated only for HTTP requests whose path matches. Navigation through a Vaadin
 * {@code RouterLink} is resolved inside the already loaded UI and does not request the target
 * path. That is consistent with the reported behaviour: the view is reachable via the tab and
 * "Access denied" appears only on reload. Role checks for views therefore also have to run on
 * the server at navigation time, e.g. in a {@code BeforeEnterListener}.
 */
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    /**
     * Registers the Keycloak authentication provider with the authentication manager.
     *
     * <p>NOTE(review): {@code hasRole("user")} below matches the authority {@code ROLE_user}.
     * If the role names delivered by Keycloak do not already carry the {@code ROLE_} prefix,
     * the provider needs a {@code GrantedAuthoritiesMapper} (for example Spring's
     * {@code SimpleAuthorityMapper}), otherwise a logged-in user with the role is still denied.
     * Confirm against the realm's role names.
     *
     * @param auth builder that receives the provider
     * @throws Exception propagated from the builder
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    /**
     * Supplies the session authentication strategy as a bean.
     *
     * @return a strategy that registers each authenticated session in a new
     *     {@code SessionRegistryImpl}
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    /**
     * Applies the adapter's defaults, then disables HTTP Basic, form login, CSRF and anonymous
     * authentication, and declares the per-URL role rules.
     *
     * @param http security builder to configure
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The Keycloak adapter's own configuration has to be applied first.
        super.configure(http);

        http
            .httpBasic().disable()
            .formLogin().disable()
            // Spring Security CSRF is disabled because Vaadin already provides its own;
            // the alternative is to disable it in Vaadin and leave this one enabled.
            // NOTE(review): any endpoint of this application that is not served by Vaadin
            // would then have no CSRF protection - confirm there are none.
            .csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
                // Matchers are evaluated in the order listed; the first match decides.
                .antMatchers("/about").hasAnyRole("admin", "user")
                .antMatchers("/useronly").hasRole("user")
                // NOTE(review): allow-by-default. A route that is not listed above is open
                // to everyone; a deny-by-default rule with explicit exceptions fails safer.
                .anyRequest().permitAll();
    }

    /**
     * Allows access to static resources, bypassing Spring Security.
     *
     * <p>Requests matching these patterns are ignored by Spring Security, so nothing that
     * needs protection should be served below them.
     *
     * @param web web security builder to configure
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        String[] unfilteredPaths = {
            // Vaadin Flow static resources
            "/VAADIN/**",
            // the standard favicon URI
            "/favicon.ico",
            // the robots exclusion standard
            "/robots.txt",
            // web application manifest
            "/manifest.webmanifest",
            "/sw.js",
            "/offline-page.html",
            // (development mode) static resources
            "/frontend/**",
            // (development mode) webjars
            "/webjars/**",
            // (production mode) static resources
            "/frontend-es5/**",
            "/frontend-es6/**"
        };
        web.ignoring().antMatchers(unfilteredPaths);
    }
}
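// Adds a menu entry that navigates to the Useronly view (/useronly).
// NOTE(review): a RouterLink is resolved by the Vaadin router inside the already loaded UI, so
// the browser does not request /useronly and URL-based Spring Security rules are not evaluated
// for this navigation. The target view needs its own server-side check at navigation time.
// The typographic quotes of the pasted snippet are replaced with plain ones so the line compiles.
tab.add(new RouterLink("Benutzerbereich", Useronly.class)); // navigate to page /useronly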
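/**
 * View registered at the route {@code useronly} inside the {@code MainView} layout; it shows
 * the text "Userarea".
 *
 * <p>The typographic quotes of the pasted snippet are replaced with plain ones so the
 * annotations compile.
 *
 * <p>NOTE(review): this class performs no role check of its own. Navigation to it from inside
 * the application does not pass a URL matcher for {@code /useronly}, so the restriction has to
 * be enforced on the server when the view is entered, e.g. by implementing
 * {@code BeforeEnterObserver} here or by registering a UI-wide {@code BeforeEnterListener}
 * from a {@code VaadinServiceInitListener}, and rerouting callers that lack the role.
 */
@Route(value = "useronly", layout = MainView.class)
@PageTitle("Useronly")
public class Useronly extends Div {

    /** Builds the view: sets the element id and adds the "Userarea" text. */
    public Useronly() {
        // NOTE(review): the id is "about-view"; presumably carried over from the About view -
        // confirm before changing, since styles or tests may refer to it.
        setId("about-view");
        add(new Text("Userarea"));
    }
}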