Spring Security Annotations

General
1

Hi there.
I was wondering if it’s possible to use spring security annotations (like @Secured or @PreAuthorize) to handle user’s actions on vaadin components?
I’m trying to ensure that some actions on my vaadin component can do only user with appropriate role.
I annotated method:

@PreAuthorize("hasRole('ADMIN')")
	public void clearSearch() ...

which is invoked after user clicks “Clear” button on my custom component.
My current user has role “SUPERADMIN”, so when user clicks the button I should get authorization exception, but everything works just like my user has role “ADMIN”. So security didn’t apply to this method.

Has anyone tried to do such manipulations in their vaadin application.

BTW: security annotations on my spring services work just fine, so it’s not a question on basic spring security configuration.

2

http://dev.vaadin.com/browser/incubator/SpringApplication

3

Well, i saw this application, it’s not what i want to do. Spring security annotations don’t work for me on methods of my vaadin custom component. So I decided to ask people. Maybe someone implemented security on vaadin components using spring security annotations.

Basically my vaadin-spring application work just fine with spring security. But what I want to do is to provide some security on my vaadin administrator’s part of application, make some actions on my vaadin components available only for supported roles of users. But for my pity when I annotated methods of my vaadin components I didn’t get expented behaivor.


@Component
@Lazy
@Scope(value = "session")
public class PropertyEditorImpl extends SearchContentComponent implements
		ClickListener, PropertyEditor {
...

	@PreAuthorize("hasRole('ADMIN')")
	public void clearSearch() {
		propertyNameField.setValue("");
		propertyValueField.setValue("");
		propertyTypeBox.setValue(ALL);
		performSearch();
	}
...
}
4

I have the same problem. if someone was able to solve this problem I will be write here a solution I will be very grateful.

5

Hi,

have you been able to find a solution? I am also interested in using the @Secured annotation in a similar manner as you are using it.

Thanks!

6

I have the same problem with Juice and Apache Shiro - security annotations not work in custom components.

7

Adding this code to the application initialization works for me, but then I have a single user app:

SecurityContextHolder.setStrategyName( SecurityContextHolder.MODE_GLOBAL );

Of course, previously it’s necessary to retrive the secured object from Spring Context.

Any thoughts about it?

8

Any one got the solution for the above issue. I am also having the same issue.

9

I’m interested on this too

10

I created example application of integration with Spring Security. It is a Spring Boot application and I’m using Vaadin4Spring addon.

This application handle @Secured and @PreAuth annotations, but only for Vaadin views.

Source

https://github.com/markoradinovic/Vaadin4Spring-MVP-Sample-SpringSecurity

Vaadin4Spring Add-on

https://github.com/peholmst/vaadin4spring