In this Vaadin tutorial, we will learn to secure the application behind the HTTP basic authentication provided by the Spring Security module.
Table of Contents
1. Development environment
2. Spring Security BasicAuth Configuration
3. Vaadin UI Configuration
4. Maven Dependencies
5. Run the application
1. Development environment
This example uses the below tools and frameworks for building the demo Vaadin application secured behind Spring's basic authentication security.
2. Spring Security Basic Auth Configuration
To configure Spring basic-auth security, add an applicationContext.xml file to the classpath (if it does not exist already) and configure the security settings in it, e.g. the secured URL patterns and which roles can access which URL.
2.1. applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-4.1.xsd">

    <http auto-config="true">
        <!-- Every URL, including the Vaadin servlet paths, requires ROLE_EDITOR -->
        <intercept-url pattern="/vaadinServlet/**" access="hasRole('ROLE_EDITOR')" />
        <intercept-url pattern="/vaadinServlet/*.*" access="hasRole('ROLE_EDITOR')" />
        <intercept-url pattern="/**" access="hasRole('ROLE_EDITOR')" />
        <!-- Answer unauthenticated requests with an HTTP Basic challenge -->
        <http-basic />
        <!-- Spring Security's CSRF filter is switched off in this demo -->
        <csrf disabled="true"/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <!-- In-memory user store with a plain-text demo password -->
            <user-service>
                <user name="howtodoinjava" password="password" authorities="ROLE_EDITOR" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>
Now configure springSecurityFilterChain in the web.xml file so that security is added to the application. Also, if you added a new applicationContext.xml file, you will need to register the ContextLoaderListener as well.
2.2. web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <!-- Route every request through the Spring Security filter chain -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Loads applicationContext.xml when the web application starts -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Other configuration will be added here -->

</web-app>
The Spring basic authentication configuration is now complete, and you can modify the respective pieces as per the application's requirements. For example, if you want to fetch the username/password details from a database, you can use jdbc-user-service in the authentication-provider in the applicationContext.xml file.
3. Vaadin UI Configuration
As I have already mentioned, I am modifying the Vaadin hello world application, so it has only very basic things: just the VaadinServlet configuration in the web.xml file and a homepage screen with a label to display a success message in case authentication is successful.
3.1. web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <!-- Spring security configuration as mentioned in above section -->

    <context-param>
        <description>Vaadin production mode</description>
        <param-name>productionMode</param-name>
        <param-value>false</param-value>
    </context-param>

    <servlet>
        <servlet-name>vaadinServlet</servlet-name>
        <servlet-class>com.vaadin.server.VaadinServlet</servlet-class>
        <init-param>
            <param-name>UI</param-name>
            <param-value>com.howtodoinjava.vaadin.demo.AppUI</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>vaadinServlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

</web-app>
3.2. AppUI.java
package com.howtodoinjava.vaadin.demo;

import com.vaadin.annotations.Theme;
import com.vaadin.server.VaadinRequest;
import com.vaadin.ui.Label;
import com.vaadin.ui.UI;
import com.vaadin.ui.VerticalLayout;

@Theme("mytheme")
public class AppUI extends UI {

    private static final long serialVersionUID = 1387172685749279538L;

    @Override
    protected void init(VaadinRequest vaadinRequest) {
        final VerticalLayout layout = new VerticalLayout();

        Label label = new Label("Welcome to BasicAuth Secured Vaadin Application");
        layout.addComponent(label);

        layout.setMargin(true);
        layout.setSpacing(true);

        setContent(layout);
    }
}
4. Maven Dependencies
A very important part of the application is to collect and configure the runtime dependencies. As we are using Maven, I have added the following dependencies into the existing pom.xml file.
4.1. pom.xml
<!-- Spring Security -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${org.springframework.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${org.springframework.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${org.springframework.version}</version>
</dependency>

<!-- Commons Logging is required with Spring 4.x -->
<dependency>
    <groupId>commons-logging</groupId>
    <artifactId>commons-logging</artifactId>
    <version>1.2</version>
</dependency>
5. Run the application
Now the application is configured and ready to be tested. Let's hit the application URL in the browser.
5.1. Hit URL http://localhost:8080/VaadinExample/
You will get the browser popup to enter your username and password.
Figure: Vaadin Spring Security BasicAuth Window
5.2. Fill INCORRECT credentials and submit
The popup fields will be cleared and it will again ask for the username/password.
5.3. Fill CORRECT credentials and submit
The application's home page will be displayed with the success message.
Figure: Vaadin Spring Security BasicAuth Successful
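The three outcomes in steps 5.1 to 5.3 follow from the HTTP Basic exchange. The sketch below is an added example, not code from this tutorial or from Spring Security: it replays both sides of that exchange with the tutorial's user entry and shows that the Authorization header carries the password Base64-encoded only, not encrypted. The class name, the helper names and the realm string are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthExchange {
    // Constructed values mirroring the tutorial's <user> entry; the realm name is assumed.
    static final String USER = "howtodoinjava", PASS = "password";
    static final String REALM = "Spring Security Application";

    /** Client side: the header the browser sends once the popup is submitted. */
    static String clientHeader(String user, String pass) {
        byte[] raw = (user + ":" + pass).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Server side: status line, plus the challenge header whenever the request is rejected. */
    static String serverDecision(String authorization) {
        String challenge = "401 Unauthorized | WWW-Authenticate: Basic realm=\"" + REALM + "\"";
        if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            return challenge;                        // step 5.1: no credentials sent yet
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            return challenge;                        // token is not valid Base64
        }
        int colon = decoded.indexOf(':');            // split on the first colon only:
        if (colon < 0) return challenge;             // passwords may contain ':' themselves
        boolean userOk = same(decoded.substring(0, colon), USER);
        boolean passOk = same(decoded.substring(colon + 1), PASS);
        return (userOk & passOk) ? "200 OK" : challenge;   // step 5.3, otherwise step 5.2
    }

    /** Constant-time comparison, so response timing does not reveal how much matched. */
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String good = clientHeader(USER, PASS);
        System.out.println("5.1 no header       -> " + serverDecision(null));
        System.out.println("5.2 wrong password  -> " + serverDecision(clientHeader(USER, "guess")));
        System.out.println("5.3 header on wire  :  Authorization: " + good);
        System.out.println("5.3 right password  -> " + serverDecision(good));
    }
}
```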
Happy Learning !!
Resources:
Spring Security Reference
Vaadin Hello World Application
RFC-2617 [BasicAuth]