Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trouble using VaadinSecurity #313

Open
flexguse opened this issue Jul 24, 2017 · 6 comments
Open

Trouble using VaadinSecurity #313

flexguse opened this issue Jul 24, 2017 · 6 comments

Comments

@flexguse
Copy link

Hi everybody,

currently I face some trouble using managed VaadinSecurity.

My setup:

  • Vaadin 8.0.7
  • vaadin-spring-ext-security 2.0.0.RELEASE
  • Java 1.8
  • Spring-Boot 1.5.4
  • Vaadin Push enabled

My application has several views which are managed by the Vaadin Navigator. One view is the admin-view for which a login is needed.
I followed the sample application for managed security and I'm able to log-in. But when I switch to another view and back to the admin view, I have to re-login even if the HTTP Session was not closed.

I supposed some implementation error in the vaadin-spring-ext-security, so I created a simple custom service which sets the SecurityContext. This service was tried in @VaadinSessionScope and in singleton scope but it behaved like the vaadin-spring-ext-security and lost the user context after switching the view.

Maybe my issue is related to https://stackoverflow.com/questions/33541022/vaadin-springboot-integration-and-securitycontextholder-getcontext-is-null? Any thoughts?

Cheers,
Christoph
@AlvaroFalcon
Copy link

I'm facing the same problem, did you solve it?

@flexguse
Copy link
Author

Hi Alvaro,

fortunately I found a workaround which differs from the docs.

I switched on Spring auto configuration for security and configured spring-security for allowed anonymous access to my application. With this configuration Spring seems to link the HTTP session with a SecurityContext.
In my Vaadin login-form I used VaadinSecurity to set the user's detail into the SecurityContext. After that I'm able to navigate between my views, after a page refresh with F5 the user is still authenticated.
To logout I used SecurityContextHolder.clearContext(); as the VaadinSecurity logout method did not work properly.

Hope that helps,
Christoph

@AlvaroFalcon
Copy link

Yep it helped me a bit tbh, but I found out that my problem was a bit different but also found a fix for it, thanks for the help.

@khauser
Copy link

khauser commented Nov 20, 2017
edited
Loading

@AlvaroFalcon How did you fix this problem? I'm having the same issue, but no clue how to solve it..

Switching views is no Problem, but reloading. I do also have a INFO log entry like this: o.v.s.s.shared.PushSecurityInterceptor : Found no SecurityContextRepository in the application context, using HttpSessionSecurityContextRepository

@chvndb
Copy link

chvndb commented Dec 4, 2017

I have the same issue. I am using the keycloak spring adapter. When enabling Vaadin Push everything works, except security is somehow ignored. I also see the warning:
o.v.s.s.shared.PushSecurityInterceptor : Found no SecurityContextRepository in the application context, using HttpSessionSecurityContextRepository

@zygimantus
Copy link

Have you tried something like this in your UI class?:

@Override
protected void init(VaadinRequest vaadinRequest) {
	// ...
	if (vaadinSecurity.isAuthenticated()) {
			setContent(adminView);
			removeStyleName("loginView");
			getNavigator().navigateTo(getNavigator().getState());
	} else {
			setContent(loginView);
			addStyleName("loginView");
	}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@khauser @chvndb @flexguse @AlvaroFalcon @zygimantus