Hello Vaadin Community.
I have seen a few posts regarding integrating Vaadin applications with Shiro but didn’t like the implementations (Sorry eneuwirt).
The attachment to this post contains a small Vaadin application that integrates with Shiro using Spring based configuration.
It uses multiple windows and a pass through authentication filter.
Everything works rather nicely and a similar approach can be used to integrate with Spring Security.
I have a few concerns though.
One is that in order to make Vaadin work with this configuration I have to allow anonymous access to /UIDL. Being new to Vaadin I don’t know all the implications but the solutions I have seen with using views instead of windows don’t seem to protect /UIDL in any way. So i think this solution as at least as secure.
Second is the use of multiple windows. There have been recommendations for using views instead but in this case I like that I can dedicate /login for security functionality.
Any comments?
Thank you,
AT.
12618.zip (9.1 KB)