Vaadin 7.4.4 Spring Boot and Apache Shiro

Vaadin 6 / 7 / 8
1

Hi All,

I am trying the new version of vaadin (have been using 6.8.9 all the time till now due to various reasons)
and am trying to use it with Spring Boot together with Apache Shiro.

And it kinds of work for me but I have one annoying problem.
This is a general setup:

Main and only UI

@SpringUI
@Theme(“myapp”)
@Widgetset(“org.adrian.myapp.core.AppWidgetSet”)
@Title(“MyApp”)
public class MainUI extends UI {

}

Application class:

@Configuration
@ComponentScan(value={“org.adrian.bookmarks”})
@EnableAutoConfiguration
@EnableSpringConfigured
@EnableTransactionManagement(mode=AdviceMode.ASPECTJ)
@EnableLoadTimeWeaving(aspectjWeaving=AspectJWeaving.ENABLED)
public class Application extends SpringBootServletInitializer {

@Bean(name="shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setLoginUrl("/login");
    shiroFilter.setSuccessUrl("/");
    Map<String, String> filterChainDefinitionMapping = new LinkedHashMap<String, String>();
    filterChainDefinitionMapping.put("/login/**", "authc");
    filterChainDefinitionMapping.put("/logout/", "noSessionCreation, logout");
    filterChainDefinitionMapping.put("/resources/**", "anon");
    filterChainDefinitionMapping.put("/**", "authc");
    shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping);
    shiroFilter.setSecurityManager(securityManager());
    return shiroFilter;
}

}

and application.properties:


vaadin.servlet.urlMapping=/UI/*

and that works as expected BUT I end up with UI being appended in URL, eg:

http://localhost:8080/myapp/UI/

If I however remove the “vaadin.servlet.urlMapping=/UI/*” from application.properties
I am getting redirection loop error in a browser - for every header response with location
pointing to http://localhost:8080/myapp/login it keeps redirecting to the very same URL
and browser gives up with an error.

So I am making here some very basic error with my setup it seems but having dfficulties
in pointing to exactly which part it is responsible for …

Also - I noticed that with the Spring Boot integration it is SpringVaadinServlet not
a “normal” vaadin servlet being used so I guess that is another (or core) problem I am introducing …

Apart from that - I am using Spring DispatchServlet for login and logour pages, eg:

@Controller
public class LoginController {

@RequestMapping(value = "/login", method = {RequestMethod.GET, RequestMethod.POST})
public String login(HttpServletRequest request, ModelMap modelMap) {

.....

 }

}

Any help ?

Thanks,
Adrian

2

My setup isn’t similar as yours, as I do authentication within the Vaadin application and do not have separate login/logout pages. I’ll post my configuration anyway, as it might be of some help.

@Bean
    @Autowired
    public JdbcRealm jdbcRealm(@Qualifier("dsManager") DataSource dsManager) {
        JdbcRealm realm = new JdbcRealm();
        realm.setDataSource(dsManager);
        realm.setAuthenticationQuery("select password from user where username = ?");

        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(new DefaultPasswordService());
        realm.setCredentialsMatcher(matcher);

        return realm;
    }

    @Bean
    @Autowired
    public SecurityManager securityManager(JdbcRealm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    @Bean
    public Map<String, String> filterChainDefinitionsMap() {
        ImmutableMap.Builder<String, String> mapBuilder = new ImmutableMap.Builder<String, String>()
                .put("**/**", "authc").put("/VAADIN/**", "authc");
        return mapBuilder.build();
    }

    @Bean
    @Autowired
    public AbstractShiroFilter shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);
        factoryBean.setLoginUrl("/");
        factoryBean.setSuccessUrl("/");
        // factoryBean.setFilterChainDefinitionMap(filterChainDefinitionsMap());
        try {
            return (AbstractShiroFilter) factoryBean.getObject();
        } catch (Exception e) {
            throw new IllegalStateException("Cannot build shiroFilter", e);
        }
    }
3

Hi Kim,

Thanks very much for your reply !

I am not sure if that is going to do much with my problem but at least I can have a look at it
and see if there is any clue for me. At the moment at work so won’t be able to do much.

Anyway - thanks a lot and I will post my findings later on.

Adrian

4

Hi Kim and Everybody,

I started debugging the app and what is happening is that shiro seems to be doing the right thing.
It first redirects to /login URL but what is then happening is that that request is being served
by SpringVaadinServlet instead of Spring’s dispatch servlet …

So I am looking now at how to get it fixed.
I am very new to Spring Boot so if there is a good soul who would like to tell me how to “force”
spring to first serve that request before vaadin’s SpringVaadinServlet - please do so :wink:

Thanks,
Adrian

5

Ok - quick update if someone gets into the same problem.

I am still having some wierd behaviour - I am able to see login page now but
CSS is not there which might be something else …

Anyway - the way it works now is by adding specific mapping for spring’s dispatch sevlet:

@Bean
public DispatcherServlet dispatcherServlet() {
   return new DispatcherServlet();
}

@Bean
public ServletRegistrationBean dispatcherServletRegistration() {
   ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet(), "/login/*");
   registration.setName(DispatcherServletAutoConfiguration.DEFAULT_DISPATCHER_SERVLET_REGISTRATION_BEAN_NAME);

   return registration;
}

With that - I can see the login page now.

Thanks,
Adrian