Atmosphere Push / Spring Security problem when having non-root URL mapping

Open vaadin-bot opened this issue 7 years ago • 4 comments

Originally by snitsche on 2015-05-19 11:56:02 +0300


Hi, this problem I ran into might be a bit difficult to describe - I will try to narrow it down as well as possible. I have a project setup with vaadin-spring, vaadin-spring-boot, vaadin-push and spring-security. I also use a URL mapping "/ui/*".

I now have the situation that I can't log in to a Vaadin UI with Push enabled - it always reports having an anonymous authentication token. When I disable push for this UI everything works fine. The interesting thing was that it worked on one server and didn't on a different one (exactly the same sources and dependencies). So I tried to find out what the difference was and found the following log line from Atmosphere during startup:

2015-05-19 10:42:23.878  INFO 22676 --- [nio-8080-exec-1] o.a.container.JSR356AsyncSupport         : JSR 356 Mapping path /ui

On the machine which worked fine this mapping pointed at "/VAADIN"; on the one which didn't work it pointed at "/ui". The cause of this behaviour seems to be in org.atmosphere.container.JSR356AsyncSupport:55 and org.atmosphere.util.IOUtils:248 - the mapping path is retrieved from the first mapping entry of the servlet configuration. For Vaadin with vaadin-spring this is always more than one, I guess - the mapping path and the "/VAADIN" entry. So if you are unlucky, Atmosphere will pick the non-working custom URL mapping for its JSR356 support.

I don't know if this is a bug in Atmosphere - from my understanding vaadin-spring-boot should auto-configure this with "org.atmosphere.container.JSR356AsyncSupport.mappingPath" if push is used.

I could get a workaround with this:

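import org.atmosphere.cpr.ApplicationConfig;
import org.springframework.boot.context.embedded.ServletRegistrationBean; // Spring Boot 1.x package
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

import com.vaadin.spring.boot.internal.VaadinServletConfiguration;
import com.vaadin.spring.boot.internal.VaadinServletConfigurationProperties;

@Configuration
@EnableConfigurationProperties(VaadinServletConfigurationProperties.class)
@Import(VaadinServletConfiguration.class)
public class MyVaadinServletConfiguration extends VaadinServletConfiguration
{
    // Register the Vaadin servlet through this subclass so the extra init parameter is applied.
    @Bean
    ServletRegistrationBean vaadinServletRegistration()
    {
        return createServletRegistrationBean();
    }

    @Override
    protected void addInitParameters(
            ServletRegistrationBean servletRegistrationBean)
    {
        super.addInitParameters(servletRegistrationBean);

        // Pin Atmosphere's JSR 356 mapping path instead of letting it take the first servlet mapping.
        addInitParameter(servletRegistrationBean, ApplicationConfig.JSR356_MAPPING_PATH, "/VAADIN");
    }

    // Sets a servlet init parameter (and logs it) when a value is given.
    private void addInitParameter(
            ServletRegistrationBean servletRegistrationBean, String paramName,
            String propertyValue) {
        if (propertyValue != null) {
            getLogger().info("Set servlet init parameter [{}] = [{}]",
                    paramName, propertyValue);
            servletRegistrationBean.addInitParameter(paramName, propertyValue);
        }
    }
}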

But it feels somehow wrong to me and I guess most users (like me) will be totally confused that it doesn't work out of the box.


Imported from https://dev.vaadin.com/ issue #17897

vaadin-bot avatar Sep 20 '16 12:09 vaadin-bot

Originally by Artur- on 2015-05-19 16:46:39 +0300


You don't happen to have a working example project for this? Would make things easier to debug.

vaadin-bot avatar Sep 20 '16 12:09 vaadin-bot

Originally by snitsche on 2015-05-19 21:32:16 +0300


I guess I could try to set up the vaadin4spring navigation sample to use SpringSecurity and Push. I'm just not sure it will help much, because the problem itself occurs randomly - it only happens if for any reason the custom mapping (e.g. "/ui/") is placed before the "/VAADIN/" in the servlet context mapping list.

See org.atmosphere.util.IOUtils:248

vaadin-bot avatar Sep 20 '16 12:09 vaadin-bot
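
The order dependence described in the first and third comments, as an added example that is not code from the thread, Vaadin or Atmosphere: a plain-JDK model of "first mapping entry wins" plus a startup audit that flags a servlet whose JSR 356 path is not pinned. The class name, the servlet name `vaadinServlet`, the sample mappings and the stripping of the trailing `/*` (chosen to match the logged `/ui`) are assumptions.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;

public class Jsr356MappingCheck {
    // Init parameter name as quoted in the issue.
    static final String PARAM = "org.atmosphere.container.JSR356AsyncSupport.mappingPath";

    // Models the selection described in the issue: take the first mapping entry.
    // Stripping a trailing "/*" is an assumption made to match the logged "/ui".
    static String firstEntryPath(Collection<String> mappings) {
        if (mappings.isEmpty()) {
            return null; // nothing to derive a path from
        }
        String first = mappings.iterator().next();
        return first.endsWith("/*") ? first.substring(0, first.length() - 2) : first;
    }

    // An explicit init parameter wins; otherwise the result follows iteration order.
    static String effectivePath(Collection<String> mappings, Map<String, String> initParams) {
        String explicit = initParams.get(PARAM);
        return explicit != null ? explicit : firstEntryPath(mappings);
    }

    // Startup audit: null when the path is pinned or unambiguous, else a warning line.
    static String audit(String servlet, Collection<String> mappings, Map<String, String> initParams) {
        if (initParams.containsKey(PARAM) || mappings.size() < 2) {
            return null;
        }
        return "WARN " + servlet + ": " + PARAM + " is not set and there are "
                + mappings.size() + " mappings " + mappings + "; the JSR 356 path would be '"
                + firstEntryPath(mappings) + "' and changes with mapping order";
    }

    public static void main(String[] args) {
        // Constructed inputs: the same two mappings in both orders, hypothetical servlet name.
        Collection<String> vaadinFirst = Arrays.asList("/VAADIN/*", "/ui/*");
        Collection<String> customFirst = Arrays.asList("/ui/*", "/VAADIN/*");
        Map<String, String> unset = Collections.emptyMap();
        Map<String, String> pinned = Collections.singletonMap(PARAM, "/VAADIN");

        System.out.println("VAADIN first, unset:  " + effectivePath(vaadinFirst, unset));
        System.out.println("custom first, unset:  " + effectivePath(customFirst, unset));
        System.out.println("custom first, pinned: " + effectivePath(customFirst, pinned));
        System.out.println("audit unset:  " + audit("vaadinServlet", customFirst, unset));
        System.out.println("audit pinned: " + audit("vaadinServlet", customFirst, pinned));
    }
}
```

In a real deployment the same audit can be fed from `ServletContext.getServletRegistrations()`, using each registration's `getMappings()` and `getInitParameter(...)`.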

Originally by Sami Ekblad on 2015-05-25 15:40:02 +0300


We'll check if this can be fixed already in 1.0.

vaadin-bot avatar Sep 20 '16 12:09 vaadin-bot

Originally by hesara on 2015-08-05 11:05:23 +0300


To discuss with Petter how to make vaadin4spring Spring Security support work with Vaadin Spring and push. At least some testing of Vaadin Spring and push has been performed by Ilya and Patrik.

Full official Spring Security support is not targeted for Vaadin Spring 1.0 but it should be possible to use Spring Security with 1.0, with or without vaadin4spring.

vaadin-bot avatar Sep 20 '16 12:09 vaadin-bot