platform
platform copied to clipboard
vaadin
Vaadin Web Security integration improvements
Description
Various enhancements for making Vaadin Web Security API be more extendable and flexible:
- [x] https://github.com/vaadin/flow/issues/17189
- [ ] https://github.com/vaadin/flow/issues/16636
- [x] https://github.com/vaadin/flow/issues/15818
- [ ] https://github.com/vaadin/flow/issues/16953
- [ ] https://github.com/vaadin/platform/issues/4403
- [x] https://github.com/vaadin/flow/issues/11335
- [ ] https://github.com/vaadin/flow/issues/17519
- [ ] https://github.com/vaadin/spring/issues/914
- [ ] https://github.com/vaadin/flow/issues/17624
- [ ] https://github.com/vaadin/flow/issues/17859
- [ ] https://github.com/vaadin/flow/issues/18071
- [ ] https://github.com/vaadin/flow/issues/18675
- [ ] https://github.com/vaadin/flow/issues/18666
- [ ] https://github.com/vaadin/flow/issues/18681
Additional ideas by @archiecobbs https://github.com/vaadin/flow/issues/20092#issuecomment-2389486950 to be considered
A branch with an experimental attempt to integrate Vaadin with Spring Security following the Configurer pattern, to make configuration more flexible.
https://github.com/mstahv/vaadin-with-rest-end-points-and-spring-security/blob/spike/refactor-vaadin-security/src/main/java/com/vaadin/flow/spring/security/VaadinAdvancedSecurityConfigurer.java https://github.com/mstahv/vaadin-with-rest-end-points-and-spring-security/blob/spike/refactor-vaadin-security/src/main/java/com/vaadin/flow/spring/security/VaadinInternalSecurityConfigurer.java
The result would allow writing something like
@Bean
SecurityFilterChain vaadinSecurityConfig(HttpSecurity http)
throws Exception {
return http
.with(VaadinSecurityConfigurer.vaadinAdvanced(),
vaadinCfg -> vaadinCfg
.secureAnyRequest(AuthorizeHttpRequestsConfigurer.AuthorizedUrl::authenticated)
.loginView(LoginView.class)
.enableAccessControl(true)
.authenticationSuccessUrl("/")
.logoutUrl("/")
).build();
}
