0

I configured and tested security feature in general for views according description in vaadin documentation: https://vaadin.com/docs/latest/security/enabling-security

I use

<dependency>            <groupId>org.springframework.boot</groupId>         <artifactId>spring-boot-starter-security</artifactId>       </dependency>

and added @PermitAll to one of my views and user is forced to login.

What Im asking for is the following scenario:

Id like to have a view without login (security) so I added @AnonymousAllowed to it. Works well, no login required. In this view, I open a dialog (dialog.open()). And Id like this dialog to be secured, so that if the user want to see the content of the dialog, it has to log in. Tried to add @PermitAll to the dialog but doesnt change anthing. I assume, that the dialog is opened in the context of the view where I added @AnonymousAllowed as its not a separate view, just a dialog. Is their any way of forcing the dialog to require login? Maybe, before opening the dialog call a "doLoginNow" method from any of the vaadin / spring security classes?

Asked in Vaadin forum, tried different approaches according to documentation, e.g. @PermitAll or working with AuthenticationContext, but this doesnt work or just provide methods for information about context.

Sebastian Olscher
  • 11
  • 1
  • Add logic around the creation / opening of the dialog - so that it can only be opened if your user is logged-in. If that's not what you want, redirect the user to the login page of they try to open the dialog. – Knoobie Aug 18 '23 at 15:27
  • Okay - via AuthenticationContext I can check if the user is logged in. I thought there might be a automatism like the annotation for views (@PermitAll) to redirect automatically. But understood this doesnt work for dialogs. Nevertheless, can you please describe how redirecting to login page would work? – Sebastian Olscher Aug 18 '23 at 15:35
  • This requirement seems to be a bit odd because a dialog is just a HTML element and does not require navigation. Why must it be a Dialog? – Simon Martinelli Aug 18 '23 at 15:43
  • Id like to avoid to discuss the requirement here. If you´d like we can discuss it 1:1. Im asking if force login for just a dialog is technically possible or not. And if its possible, how. For sure it not has to be a dialog, but this doesnt answer the question. Maybe you could help out with some more technical details @SimonMartinelli? How to route the user to the login page if not logged in? – Sebastian Olscher Aug 18 '23 at 17:33
  • If you created the project with start.vaadin.com you can use authenticatedUser.get() and if this returns Optional.empty you just do UI.getCurrent().navigate(Login.class) – Simon Martinelli Aug 18 '23 at 18:27
  • This works, but get another problem for which I create a different question: https://stackoverflow.com/questions/76934994/keycloak-springboot-vaadin-sso-integration-and-ui-navigate-problem – Sebastian Olscher Aug 19 '23 at 16:53
  • Please add your solution as the answer or delete the question – Simon Martinelli Aug 22 '23 at 06:40

1 Answers1

0

Check if user is authenticated via AuthenticationContext. If not, redirect to @PermittAll view with UI.getCurrent().getPage().setLocation("securedPage");

Sebastian Olscher
  • 11
  • 1