Reputation: 25770
Vaadin Session and Spring Security Authentication object
I have implemented Spring Boot/Vaadin 8 application which uses Spring Security in order to authenticate and authorize the user. I use usual Thymeleaf/HTML template for my login form(not Vaadin UI).
Right now inside of Vaadin application I'm able to reach the authenticated user in a standard following Spring way:
SecurityContextHolder.getContext().getAuthentication()
On the other hand, there is another, purely Vaadin mechanism:
VaadinSession.getCurrent()
I have a question, do I need to place in some way the Spring Authentication object to VaadinSession or it is okay to use both of these approaches separately and just invoke SecurityContextHolder.getContext().getAuthentication() inside of Vaadin application where needed?
Upvotes: 2
Views: 683
Answers (1)
Reputation: 2843
There is no need to place Authentication inside the VaadinSession.
Basically Spring Security wraps your Vaadin Application behind a Login. For the Vaadin Application itself it more or less doesn't matter.
If you wan't to add permissions for view access you can use your own implementation of ViewAccessControl to check if an authenticated user has the required permissions to access a certain view.
Upvotes: 2
Related Questions
- Vaadin multi user session management
- Vaadin authentication best practice
- Custom Spring Security Login with Vaadin 10
- Vaadin using SpringSecurity authentication
- Spring security vaadin Authetication manager bean
- Spring Security + Vaadin Session No VaadinSession
- Spring Boot Security with Vaadin Login
- spring security and VAADIN
- Java Config for Spring Security with Vaadin
- Integrating spring and vaadin