Module de.codecamp.vaadin.security.spring
Package de.codecamp.vaadin.security.spring.config

Class VaadinSecurityConfigurer

java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinSecurityConfigurer,org.springframework.security.config.annotation.web.builders.HttpSecurity>
de.codecamp.vaadin.security.spring.config.VaadinSecurityConfigurer
All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
public class VaadinSecurityConfigurer extends org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinSecurityConfigurer,org.springframework.security.config.annotation.web.builders.HttpSecurity>
Configures a Spring Security filter chain for Vaadin.
  • Disables CSRF support for Vaadin-related requests. Vaadin already handles this on its own.
  • Only specific URLs (UI root URL and /VAADIN) and requests (framework and endpoint requests) will pass through the Spring Security filter chain.
  • Does NOT restrict access based on URLs or requests. Access control is handled by RouteAccessControl on a per view-basis and by EndpointAccessChecker per endpoint class or method.
  • If enabled, configures the form login and logout endpoints as needed for the standard authentication provided by the VaadinAuthenticationService.
Apply this configuration to a HttpSecurity like this:

http.apply(new VaadinSecurityConfigurer());

  • Constructor Summary

    Constructors
    Constructor
    Description
    VaadinSecurityConfigurer()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
     
    void
    init(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
     

    Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

    disable, withObjectPostProcessor

    Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

    addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • VaadinSecurityConfigurer

      public VaadinSecurityConfigurer()

  • Method Details

    • init

      public void init(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Specified by:
      init in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
      Overrides:
      init in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
      Throws:
      Exception

    • configure

      public void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Specified by:
      configure in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
      Overrides:
      configure in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
      Throws:
      Exception