Evaluating Vaadin, user authentication/session management

Maarten Boekhold
1 decade ago Dec 13, 2010 9:05am

Hi all,

I'm looking at Vaadin for the development of internal web applications, and I have a few questions that I need to answer for myself before wholly embracing Vaadin. I'll use separate posts for these questions.

We need each application to start with a user login. I've been searching around and have come across the following example: Authenticating Vaadin-based applications

But to be honest, I don't really understand this method. Possibly to do with the ThreadLocal stuff.... I've also seen the (little) information available on the LoginForm class, but there seem to be a lot of limitations and problems with that, judging by the posts on this forum.

Is there a better and easier-to-understand method for handling user login?

Once a user has logged in (using whatever method), how do you handle session time-out in Vaadin? Not seen any references to that...

Kind regards

Kim Leppänen
1 decade ago Dec 13, 2010 12:20pm
Jens Jansson
1 decade ago Dec 13, 2010 1:44pm

To keep it simple, if you just need to have a login and nothing else, you can skip ThreadLocal. All you need is a text field for the user name, a "secret" text field for the password and a button. On the backend you have a method like public boolean login(String user, String pass); If login returns true you change the view, with mainWindow.setContent(new MyVerySecretApplication()) or something similar.

Usually just saying yes/no to if the user can log in is not enough. For that reason you will probably want to return a user object (own implemented) instead of a boolean. You can pass this object all around to access it where you want, but the ThreadLocal pattern is a great way to access some session specific data in a static way, anywhere in the application. There is another article about the threadlocal pattern on the wiki, found here.

About session management, what do you need? Vaadin takes care of cleaning up the session when it times out. You can also end it whenever you want by calling myApplication.close() (for a log-out button or something similar). You can also override the close method if you need to run some code of your own upon close.
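
The login flow described in the reply above, as an added example that is not part of the original thread and is not Vaadin's own code. It targets the Vaadin 6 API; the class name, the User type and the login() signature returning a user object are assumptions, and a concrete subclass (the one registered in web.xml) supplies the backend check.

```java
import java.io.Serializable;
import com.vaadin.Application;
import com.vaadin.ui.*;
import com.vaadin.ui.Button.ClickEvent;
// Added example (Vaadin 6 API). AuthenticatedApplication, User and login() are
// hypothetical names; a concrete subclass implements login() against the backend.
public abstract class AuthenticatedApplication extends Application {
    public static class User implements Serializable {
        public final String name;
        public User(String name) { this.name = name; }
    }
    // Backend check: return the user object on success, null on failure.
    protected abstract User login(String user, String pass);

    @Override
    public void init() {
        setMainWindow(new Window("Login"));
        final TextField name = new TextField("User name");
        final TextField pass = new TextField("Password");
        pass.setSecret(true); // the "secret" text field: input is masked
        Button button = new Button("Log in", new Button.ClickListener() {
            public void buttonClick(ClickEvent event) {
                User user = login((String) name.getValue(), (String) pass.getValue());
                pass.setValue(""); // do not keep the password in server-side state
                if (user == null) {
                    // One message for unknown user and wrong password alike.
                    getMainWindow().showNotification("Login failed");
                    return;
                }
                setUser(user); // held by this Application instance, one per session
                getMainWindow().setContent(mainView(user));
            }
        });
        VerticalLayout form = new VerticalLayout();
        form.addComponent(name);
        form.addComponent(pass);
        form.addComponent(button);
        getMainWindow().setContent(form);
    }
    // Protected view, built only after login() has returned a user.
    private ComponentContainer mainView(User user) {
        VerticalLayout view = new VerticalLayout();
        view.addComponent(new Label("Logged in as " + user.name));
        view.addComponent(new Button("Log out", new Button.ClickListener() {
            public void buttonClick(ClickEvent event) {
                close(); // ends this Application instance
            }
        }));
        return view;
    }
}
```

Because the protected view is only constructed after login() returns a user, nothing behind the login exists in the session until authentication has succeeded.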

Henri Sara
1 decade ago Dec 13, 2010 1:54pm
Juha Suhonen
1 decade ago Jan 15, 2011 1:54pm
ts chan
1 decade ago Jan 17, 2011 3:51am
Juha Suhonen
1 decade ago Jan 19, 2011 7:19pm
Kim Leppänen
1 decade ago Jan 20, 2011 5:45am
Juha Suhonen
1 decade ago Jan 20, 2011 7:20am
Matúš Ferko
1 decade ago Apr 11, 2011 1:56pm
Lam Le
1 decade ago Sep 28, 2011 11:05am
Marko Grönroos
1 decade ago Sep 28, 2011 12:03pm
Henri Sara
1 decade ago Sep 29, 2011 7:14am