Hi there.
I was wondering if it’s possible to use spring security annotations (like @Secured or @PreAuthorize) to handle user’s actions on vaadin components?
I’m trying to ensure that some actions on my vaadin component can do only user with appropriate role.
I annotated method:
@PreAuthorize("hasRole('ADMIN')")
public void clearSearch() ...
which is invoked after user clicks “Clear” button on my custom component.
My current user has role “SUPERADMIN”, so when user clicks the button I should get authorization exception, but everything works just like my user has role “ADMIN”. So security didn’t apply to this method.
Has anyone tried to do such manipulations in their vaadin application.
BTW: security annotations on my spring services work just fine, so it’s not a question on basic spring security configuration.
Well, i saw this application, it’s not what i want to do. Spring security annotations don’t work for me on methods of my vaadin custom component. So I decided to ask people. Maybe someone implemented security on vaadin components using spring security annotations.
Basically my vaadin-spring application work just fine with spring security. But what I want to do is to provide some security on my vaadin administrator’s part of application, make some actions on my vaadin components available only for supported roles of users. But for my pity when I annotated methods of my vaadin components I didn’t get expented behaivor.
@Component
@Lazy
@Scope(value = "session")
public class PropertyEditorImpl extends SearchContentComponent implements
ClickListener, PropertyEditor {
...
@PreAuthorize("hasRole('ADMIN')")
public void clearSearch() {
propertyNameField.setValue("");
propertyValueField.setValue("");
propertyTypeBox.setValue(ALL);
performSearch();
}
...
}