One of my client who work in the Banking industry is thinking of rewriting all his UI application with Vaadin 7. They need to follow a number of security rules including OWASP
In the previous version of their application they used ESAPI https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API to meet the owasp requirements
Is there a Vaadin add-on to do the integration between ESAPI and Vaadin 7 ?
I’m not aware of any integration that would be available in the directory. There seems to be a Java EE verson available of the library, so I don’t see any reason why you couldn’t integrate it with Vaadin. I’m not familiar with ESAPI, so there might of course be aspects that I’m not aware of. Just remember, that Vaadin is a statefull application, where the life-cycle of an object is longer than an HTTP request, this sometimes causes problems with libraries that are designed to be used in stateless application where an objects life-cycle is limited to an HTTP request. Also note, that if you are using Vaadin Push using the WebSocket channel, you won’t (with the current implementation) receive normal HTTP requests (since all communication is done through scokets) and hence you can’t rely on, for example, servlet request filters.