Team,
I am using Vaadin 7 with Spring and Hibernate, and I am implementing Spring Security for it. When the user logs in to my application, I first get the information from our company site (using LDAP); as of now this is going very well!
I have 2 views in my application: the Error View and the Transaction View. Now, based on the user role, I need to restrict the Vaadin views.
I have only 2 roles, Market Responsible and Admin. If the user is Market Responsible, I need to show only the Error View; if the user is Admin, I want to show both views, that is, the Error View as well as the Transaction View.
I am using DiscoveryNavigator to navigate.
Technical Info:
[u][b][color=#FF0000]Step 1:[/color] When the user types the URL, I am calling MainUI.java, which looks like:[/b][/u]
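import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;
import com.vaadin.annotations.PreserveOnRefresh;
import com.vaadin.annotations.Theme;
import com.vaadin.annotations.Title;
import com.vaadin.server.VaadinRequest;
import com.vaadin.ui.UI;
import ru.xpoft.vaadin.DiscoveryNavigator; // assumed: the xpoft spring-vaadin add-on

@Controller
@Title("Transaction Type Manager")
@Scope("prototype")
@Theme("mytheme")
@PreserveOnRefresh
public class MainUI extends UI {
    private static final long serialVersionUID = 1L;
    final static Logger logger = LoggerFactory.getLogger(MainUI.class);

    @Override
    protected void init(VaadinRequest request) {
        @SuppressWarnings("unused")
        DiscoveryNavigator navigator = new DiscoveryNavigator(this, this);
    }
}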
Step 2: From here it then displays the Login View:
import java.util.List;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import com.vaadin.event.ShortcutAction;
import com.vaadin.navigator.View;
import com.vaadin.navigator.ViewChangeListener.ViewChangeEvent;
import com.vaadin.ui.Alignment;
import com.vaadin.ui.Button;
import com.vaadin.ui.Button.ClickEvent;
import com.vaadin.ui.Notification;
import com.vaadin.ui.Notification.Type;
import com.vaadin.ui.PasswordField;
import com.vaadin.ui.TextField;
import com.vaadin.ui.VerticalLayout;

public class LoginView extends VerticalLayout implements View, Button.ClickListener {
    @Inject
    private ApplicationContext applicationContext;
    private static final long serialVersionUID = 1L;
    public static final String NAME = "";
    final static Logger logger = LoggerFactory.getLogger(LoginView.class);
    private TextField user = null;
    private PasswordField password = null;
    private Button loginButton = null;

    @Override
    public void enter(ViewChangeEvent event) {
        user.focus();
    }

    /**
     * Presents input fields for username and password and a button for login. If the credentials were correct and the user is authorized for the
     * application, the login view will redirect the user to another view.
     */
    public LoginView() {
        VerticalLayout layout = new VerticalLayout();
        VerticalLayout elements = new VerticalLayout();
        setSizeFull();
        user = new TextField("Username");
        password = new PasswordField("Password");
        loginButton = new Button("Login", this);
        loginButton.setClickShortcut(ShortcutAction.KeyCode.ENTER);
        elements.addComponent(user);
        elements.addComponent(password);
        elements.addComponent(loginButton);
        elements.setSizeUndefined();
        layout.addComponent(elements);
        layout.setSizeFull();
        layout.setComponentAlignment(elements, Alignment.MIDDLE_CENTER);
        addComponent(layout);
    }

    @Override
    public void buttonClick(ClickEvent event) {
        String username = this.user.getValue();
        String password = this.password.getValue();
        ActiveDirectoryLdapAuthenticationProvider authenticationManager = (ActiveDirectoryLdapAuthenticationProvider) applicationContext
                .getBean(ActiveDirectoryLdapAuthenticationProvider.class);
        try {
            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
            Authentication authentication = authenticationManager.authenticate(token);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            List<?> list = (List<?>) authentication.getAuthorities();
            boolean isRoleAdmin = false;
            // --- start of the section marked in red ---
            if (list != null && !list.isEmpty()) {
                for (int i = 0; i < list.size(); i++) {
                    if ("SEIT TransactionTypeManager Admin".equalsIgnoreCase(list.get(i).toString())) {
                        isRoleAdmin = true;
                        break;
                    } else if ("SEIT TransactionTypeManager Market Responsible".equalsIgnoreCase(list.get(i).toString())) {
                        // Market Responsible: nothing is done here yet
                    }
                }
            }
            if (isRoleAdmin) {
                getUI().getNavigator().navigateTo(ErrorManagementView.NAME);
            }
        } catch (BadCredentialsException e) {
            getUI().getNavigator().navigateTo(LoginView.NAME);
            Notification.show("You have entered the wrong Username or Password. Please try again!",
                    Type.WARNING_MESSAGE);
            // --- end of the section marked in red ---
        } catch (ActiveDirectoryAuthenticationException e) {
            Notification.show("Login failed. You are not authorized for this application!", Type.WARNING_MESSAGE);
        }
    }
}
I am a bit confused about how to handle the part marked in red. I know the above code in red does not seem good; how do I implement restricting the views?
Any idea would be appreciated.
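One way to enforce the restriction asked about above, as an added example that is not part of the original post: a Vaadin 7 `ViewChangeListener` that vetoes navigation unless the logged-in user's authorities include a role allowed for the target view. The view names `"errors"` and `"transactions"` are assumed placeholders, and the sketch assumes the `Authentication` set at login is still available from `SecurityContextHolder` on later requests.

```java
import java.util.*;
import com.vaadin.navigator.ViewChangeListener;
import com.vaadin.ui.Notification;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/** Deny-by-default guard: a view opens only if the user holds a role listed for it. */
public class RoleViewGuard implements ViewChangeListener {
    private static final long serialVersionUID = 1L;
    static final String ADMIN = "SEIT TransactionTypeManager Admin";
    static final String MARKET = "SEIT TransactionTypeManager Market Responsible";

    // View name -> roles allowed to open it. "errors" and "transactions" are
    // assumed names; use ErrorManagementView.NAME etc. in the real application.
    private static final Map<String, Set<String>> ALLOWED = new HashMap<String, Set<String>>();
    static {
        ALLOWED.put("errors", new HashSet<String>(Arrays.asList(ADMIN, MARKET)));
        ALLOWED.put("transactions", Collections.singleton(ADMIN));
    }

    /** Pure decision function, so the policy can be unit-tested without a UI. */
    static boolean isAllowed(String viewName, Collection<String> roles) {
        if ("".equals(viewName)) return true;            // LoginView.NAME is public
        Set<String> required = ALLOWED.get(viewName);
        if (required == null) return false;              // unlisted view: deny
        for (String role : roles) {
            if (required.contains(role)) return true;
        }
        return false;
    }

    @Override
    public boolean beforeViewChange(ViewChangeEvent event) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        List<String> roles = new ArrayList<String>();
        if (auth != null && auth.isAuthenticated()) {
            for (GrantedAuthority a : auth.getAuthorities()) roles.add(a.getAuthority());
        }
        if (isAllowed(event.getViewName(), roles)) return true;
        Notification.show("You are not authorized to open this view.", Notification.Type.WARNING_MESSAGE);
        return false;                                    // veto the navigation
    }

    @Override
    public void afterViewChange(ViewChangeEvent event) { }
}
```

Register it once in `MainUI.init` with `navigator.addViewChangeListener(new RoleViewGuard())`. Checking at navigation time matters because a user can type a view's URL fragment directly, so hiding a menu entry or skipping the redirect after login does not by itself restrict the view.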