Hello,
I hope someone can give me some advices what are the best practise to create an application with multiple views where one view is restricted to logged in users.
I have multiple views in my application:
welcomeView = This view should always be displayed if the user is not logged in and if none of the views 1 to 2 is requested.
view1 = This view should always be accesseable also if the user is logged in, if this view is not called and the user is logged in he should be redirected to the backendView
view2 = Same as view1, always be accessible, also if the user is logged in
backendView = This view is only be accessable if the user is logged in, and expect view1 odr view2 is requested the logged in user should always be redirected to this view, especially if he calls a view which is not defined or if he calls the application URL (http://www.mydomain.com/).
View1 has an empty name, meaning name=“”
View2 has the following viewname: name=“view2”
Welcome: name=“welcome”
Backend: name=“backend”
Currentley I use the following code:
Application UI:
[code]
public class ApplicationUI extends UI {
protected void init(VaadinRequest request) {
new Navigator(this, this);
getNavigator().addView(WelcomeView.NAME, WelcomeView.class);
getNavigator().addView(BackendView.NAME, BackendView.class);
getNavigator().addView(View1.NAME, View1.class);
getNavigator().addView(View2.NAME, View2.class);
// Load the right view, application controller is only created if the user has sucessfully logged in
if(getSession().getAttribute("applicationController") != null && getPage().getUriFragment() == null)
getNavigator().navigateTo(BackendView.NAME);
if(getPage().getUriFragment() == null)
getNavigator().navigateTo(WelcomeView.NAME);
// We use a view change handler to ensure the user is always redirected
// to the login view if the user is not logged in.
getNavigator().addViewChangeListener(new ViewChangeListener() {
@Override
public boolean beforeViewChange(ViewChangeEvent event) {
// Check if a user has logged in
boolean isLoggedIn = getSession().getAttribute("applicationController") != null;
boolean isWelcomeView = event.getNewView() instanceof WelcomeView;
if(isLoggedIn && (isWelcomeView || isLoginView)) {
log.debug("Go to backend");
getNavigator().navigateTo(BackendView.NAME);
return false;
}
return true;
}
}
}
}
[/code]I check in the backend view if the user is logged in or not:
[code]
public class BackendView extends VerticalLayout implements View {
public static String NAME = "backend";
private ApplicationController applicationController;
public BackendView() {
// Set the title of the page
Page.getCurrent().setTitle("Application Backend");
}
@Override
public void enter(ViewChangeEvent event) {
// create the controller
if(getSession().getAttribute("applicationController") != null)
this.applicationController = (ApplicationController) getSession().getAttribute("applicationController");
else {
// "Logout" the user
getSession().setAttribute("applicationController", null);
// Refresh this view, should redirect to login view
getUI().getNavigator().navigateTo(WelcomeView.NAME);
}
}
}
[/code]When the user makes a logout the following procedure is executed:
[code]
// “Logout” the user
getSession().setAttribute(“applicationController”, null);
// Expire the session
getSession().close();
// Refresh this view, should redirect to login view
//getUI().getNavigator().navigateTo(BackendView.NAME);
getUI().getPage().reload();
[/code]The application behaves as expected, but I want to ensure if this is a good approach an esspecially secure. We want to keep the application as simple as possible therefore we do not want to use the spring framework for this “simple” access management.
Can someone give me some advices how tho improve this apporoach, or is this a bad implementation?
Thanks,
Florian