Here is a question on the usage of Vaadin-XS in a proxied/SSO environnement.
When following the default usage guidelines (), that is using the “GetEmbedJS” call, the resulting javascript that is
embedded in the page is pointing future call directly
to the physical server where the Vaadin application and not to the proxied location
.
In a production environnement, often a reverse-proxy (for SSO or other security purproses) would sit in the middle between the client’s browser and the server hosting the Vaadin application.
The “GetEmbedJS” uses the
getApplicationUrl
from the standard AbstractApplicationServlet to constructs the various theme/widgetset URLs that will be placed in the final javascript magic that will be embedded to the page.
Problem here is as mentionned that getApplicationUrl is not aware of the existence of a reverse proxy, so this will at the end “forward” embedded calls directly to the server hosting the application and not through the reverse proxy.
What would be the best solution to overcome this problem ? For the moment we are not using the GetEmbedJS anymore but instead we are using diretly the full magical javascript.
Is there place here for an evolution in the Vaadin XS or in Vaadin getApplicationUrl() to improve integration ?
Would be very happy to get some feedback and thought on this matter,
thanks in advance
Eric.