vaadin
Tutorial with no Login View and spring ressource-server
Hi, I'm not sure where to put this, so here I am.
I'm developing a rather big micro service cloud application with dozen of services, two of whom have a vaadin frontend. They are obviously behind a reverse proxy (nginx) which handles the authentication (forwards to an IDP).
In the documentation (https://vaadin.com/docs/latest/security/enabling-security) it states the requirement for a login view and a log out capability. I have the latter, but no vaadin log in view.
On the other hand I just wan't to configure the jwt security with spring using a ressource-server to check the provided bearer token.
Could you please provide a tutorial, how this is supposed to be configured?
I currently have this configuration, but am not sure, if this is correct.
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(ACTUATOR_HEALTH_ENDPOINT).permitAll();
http.authorizeRequests().antMatchers(ACTUATOR_PROMETHEUS_ENDPOINT).permitAll();
super.configure(http);
http.cors()
.and()
.oauth2ResourceServer()
.jwt();
}
#126 ideally together with this one since we'll move to spring boot 3 soon.
Hi, the current tutorial is now updated to V24 & SB 3. I also think this topic would be good to be covered, probably as a separate how-to guide instead of this introduction tutorial. We can keep this issue open here to remind about that, although it probably is going to be a separate article and separate example repository.
Sounds good to me. In particularly the nginx-config would be nice, since we (again) have trouble to configure it to work smoothly with vaadin. @DManstrator maybe add our config here after we verified the fix.