Hello all,
this topic raised out of the following thread
https://vaadin.com/forum/#!/thread/1811101/1811100
.
What I need is basically absolutely the same as in this sample application, just that I want to use a View for the login page instead of a freemarker template:
https://github.com/xpoft/vaadin-samples/tree/master/apache-shiro
.
That was the short problem description
Now the long description:
So the core requirement is a simple authentication & authorization for a Vaadin application. For that purpose I want to use Apache Shiro, as it provides a simple way using annotations to satisfy the authorization needs (e.g. roles) and I can provide (custom) realms for e.g. authentication through an active directory.
Furthermore it would be very nice if the authentication would not happen through a plain jsp or http site using form authentication, but by using a view.
After I did some investigation I saw that the Spring Integration Addon (
https://vaadin.com/directory#addon/springvaadinintegration
) provides a simple way of using Apache Shiro (besides the great benefits of using spring), as, besides the useful autodiscovering of the views, a class called ShiroSecurityNavigator simply handles the authorization needs.
So I looked at the samples and tried to modify it in a way that I can use a view instead of a freemarker template.
Problem:
Using Shiros filter chain, I can not provide a login page from the views, as the url looks like this: /#!login and due to the fact that everything after the fragment identifier is not transferred to the server, Shiro does not work an produces an infinite redirect loop.
Long story short:
Has anyone a hint or at best a working example on how to use the ShiroSecurityNavigator benefits (autodiscovering of views, authorization via annotations) of the Spring Integration Addon together with a Login-View?