Redirect from Spring Security to Login Form

Bastian7 · June 23, 2014, 12:31pm

Hi,

I have the problem, that the redirects from Spring Security are not handled by the correct UI-class. Let me explain the structure.
I have 2 UIs the regular one and the login form. Spring Security is configured to redirect all access on “/*” to “/login”, where my login form is. Everything was working fine when I used the CDIUI-Addon (I used the extra parameter on the annotation to bind the second UI to “/login”). Unfortunately I am now forced to remove the CDI-functionality, due to complications with serializing (part of clustering the application, see
https://vaadin.com/forum#!/thread/7690939
). How can I restore the old functionality? Did I do something wrong in my thought process?

I tried the following, but it’s not working:

public class AppUI extends UI
{
    @WebServlet(value = "/*", asyncSupported = true)
    @VaadinServletConfiguration(productionMode = false, ui = AppUI.class)
    public static class Servlet extends VaadinServlet {}

...
}

public class LoginUI extends UI
{
    @WebServlet(value = "/login*", asyncSupported = true)
    @VaadinServletConfiguration(productionMode = false, ui = LoginUI.class)
    public static class Servlet extends VaadinServlet {}

    @Override
    protected void init(final VaadinRequest request)
    {
        //Login Form with Spring Security authentication method calls
        ...
    }
}

Bastian7 · June 24, 2014, 8:52am

My first attempt could not work since the redirection from one UI to the other switches the servlet context and with it the session information. So the authentication is lost and therefore the user is not allowed to access the main page.
I found out that my problem can be solved with a custom ui provider like this example:

public class MyUIProvider extends UIProvider { @Override public Class<? extends UI> getUIClass(UIClassSelectionEvent event) { if (event.getRequest().getPathInfo().startsWith("/login")) return MyLoginUI.class; else return MyMainUI.class; } }When you now add to the web.xml the params, the login and main UI are under the same servlet.

<servlet> <servlet-name>VAADIN</servlet-name> <servlet-class>com.vaadin.server.VaadinServlet</servlet-class> <init-param> <param-name>UIProvider</param-name> <param-value>your.package.MyUIProvider</param-value> <description>Your custom UIProvider</description> </init-param> </servlet>Perhaps there is a way to give Vaadin these params per annotation but this way worked for me so I didn’t bother.