Maybe someone can give me a hand. I’m using Spring Integration (https://vaadin.com/directory#addon/springvaadinintegration) addon, and followed this blog (http://morevaadin.com/content/spring-security-integration/) to set spring security.
My app does the following:
- “login view” is shown
- shows the login screen: that’s fine.
- user inputs login info and gets authenticated: that’s fine
- the security context is set with the authentication data
- the “main view” is shown: that’s fine
However, if I do something as simple as add a button to the main view and show
Notification.show("auth " + SecurityContextHolder.getContext().getAuthentication());
The authentication is null. But the same Notification in the “enter(ViewChangeEvent)” of the same view is working fine.
I’m guessing something is wrong with my web.xml config o my spring-security.xml but I’ve been reading everywhere and I can’t find the problem.
Here’s my web.xml:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/root-context.xml
/WEB-INF/security.xml
</param-value>
</context-param>
<servlet>
<servlet-name>Vaadin Sample Application</servlet-name>
<servlet-class>com..MyServlet</servlet-class>
<init-param>
<param-name>beanName</param-name>
<param-value>vaadinUI</param-value>
</init-param>
<init-param>
<param-name>systemMessagesBeanName</param-name>
<param-value>DEFAULT</param-value>
</init-param>
<load-on-startup>10</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Vaadin Sample Application</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Vaadin Sample Application</servlet-name>
<url-pattern>/VAADIN/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/static/*</url-pattern>
</servlet-mapping>
<context-param>
<description>Vaadin production mode</description>
<param-name>productionMode</param-name>
<param-value>true</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
and my security.xml
<global-method-security secured-annotations="enabled" />
<http pattern="/VAADIN/**" security="none" />
<http pattern="/static/**" security="none" />
<http auto-config='true'>
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" authorities="ROLE_USER, ROLE_ADMIN"
password="admin" />
</user-service>
</authentication-provider>
</authentication-manager>
I’m guessing it has something to do with the interceptors that populate the security context but I don’t know how to fix it.
I’d appreciate any help! Thanks in advanced!!