vaadin4spring

Trouble using VaadinSecurity

Open flexguse opened this issue 7 years ago • 6 comments

Hi everybody,

currently I face some trouble using managed VaadinSecurity.

My setup:

  • Vaadin 8.0.7
  • vaadin-spring-ext-security 2.0.0.RELEASE
  • Java 1.8
  • Spring-Boot 1.5.4
  • Vaadin Push enabled

My application has several views which are managed by the Vaadin Navigator. One view is the admin view, for which a login is needed. I followed the sample application for managed security and I'm able to log in. But when I switch to another view and back to the admin view, I have to re-login even if the HTTP session was not closed.

I supposed some implementation error in the vaadin-spring-ext-security, so I created a simple custom service which sets the SecurityContext. This service was tried in @VaadinSessionScope and in singleton scope but it behaved like the vaadin-spring-ext-security and lost the user context after switching the view.

Maybe my issue is related to https://stackoverflow.com/questions/33541022/vaadin-springboot-integration-and-securitycontextholder-getcontext-is-null? Any thoughts?

Cheers, Christoph

flexguse avatar Jul 24 '17 15:07 flexguse

I'm facing the same problem, did you solve it?

AlvaroFalcon avatar Aug 10 '17 10:08 AlvaroFalcon

Hi Alvaro,

fortunately I found a workaround which differs from the docs.

I switched on Spring auto configuration for security and configured spring-security to allow anonymous access to my application. With this configuration Spring seems to link the HTTP session with a SecurityContext. In my Vaadin login form I used VaadinSecurity to set the user's details into the SecurityContext. After that I'm able to navigate between my views, and after a page refresh with F5 the user is still authenticated. To log out I used SecurityContextHolder.clearContext(); as the VaadinSecurity logout method did not work properly.

Hope that helps, Christoph

flexguse avatar Aug 10 '17 21:08 flexguse
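
A sketch of the Spring Security side of the workaround described in the comment above, as an added example (not code from this thread or from the vaadin4spring project). It targets the Spring Security 4.x API shipped with Spring Boot 1.5; the class name is hypothetical, and exposing the repository as a bean and disabling Spring's CSRF filter are assumptions, not steps the commenter listed.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;

// Hypothetical class name; added example, not the project's own configuration.
@Configuration
@EnableWebSecurity
public class AnonymousAccessSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Assumption: Vaadin's UIDL requests carry Vaadin's own CSRF token,
            // so Spring's CSRF filter is switched off to avoid rejecting them.
            .csrf().disable()
            // Keeps the security filter chain active on every request, so the
            // SecurityContext is loaded from and saved to the HTTP session.
            .securityContext()
                .securityContextRepository(securityContextRepository())
            .and()
            // Anonymous access everywhere: URL-level enforcement is off, so each
            // protected view has to check authentication itself (for example
            // with vaadinSecurity.isAuthenticated(), as used later in this thread).
            .authorizeRequests().anyRequest().permitAll();
    }

    // Assumption: declaring the repository as a bean makes it visible in the
    // application context, which is where the PushSecurityInterceptor log line
    // quoted in this thread says it looks before falling back to its default.
    @Bean
    public SecurityContextRepository securityContextRepository() {
        return new HttpSessionSecurityContextRepository();
    }
}
```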

Yep it helped me a bit tbh, but I found out that my problem was a bit different but also found a fix for it, thanks for the help.

AlvaroFalcon avatar Aug 11 '17 12:08 AlvaroFalcon

@AlvaroFalcon How did you fix this problem? I'm having the same issue, but no clue how to solve it..

Switching views is no problem, but reloading is. I also have an INFO log entry like this: o.v.s.s.shared.PushSecurityInterceptor : Found no SecurityContextRepository in the application context, using HttpSessionSecurityContextRepository

khauser avatar Nov 20 '17 10:11 khauser

I have the same issue. I am using the keycloak spring adapter. When enabling Vaadin Push everything works, except security is somehow ignored. I also see the warning: o.v.s.s.shared.PushSecurityInterceptor : Found no SecurityContextRepository in the application context, using HttpSessionSecurityContextRepository

chvndb avatar Dec 04 '17 21:12 chvndb

Have you tried something like this in your UI class?:

@Override
protected void init(VaadinRequest vaadinRequest) {
    // ...
    if (vaadinSecurity.isAuthenticated()) {
        setContent(adminView);
        removeStyleName("loginView");
        getNavigator().navigateTo(getNavigator().getState());
    } else {
        setContent(loginView);
        addStyleName("loginView");
    }
}

zygimantus avatar Jan 30 '18 13:01 zygimantus