Vaadin 22 with Spring MVC and Spring Security

212 views Asked by At

I am trying to get a basic Vaadin22 app running with Spring MVC and Spring Security. The vaadin docs seem to allude that this is possible,

If an application is based on Spring Boot, this mechanism can be enabled by using a set of annotations and with minimum Spring Security configurations. However, it is also possible to use it in Vaadin Spring applications that are not based on Spring Boot, with some extra configurations.

I have started with skeleton-starter-flow v22, forked to here and added basic Spring integration (see here). I have then attempted to add Spring Security.

I initially extended Vaadin's VaadinWebSecurityConfigurerAdapter (see here), but when I run the app it fails because there are missing autowired dependencies.

Next, I forced some component scanning to detect the missing dependencies (see here), but now there is a ClassNotFoundException because there is a dependency on the Spring Boot class, ServletRegistrationBean

Finally, I abandoned Vaadin's VaadinWebSecurityConfigurerAdapter and instead extended Spring's WebSecurityConfigurerAdapter (see here). Now the app runs, but I am not seeing the default login screen that Spring is supposed to provide by default.

Any assistance greatly appreciated.

Note: The app can be run using,

mvn jetty:run
1

There are 1 answers

0
smillied On BEST ANSWER

So it seems that Vaadin's VaadinWebSecurityConfigurerAdapter is intended for use with Spring Boot (which I'm trying to avoid). In order to get basic Spring Security working, I extended Spring's WebSecurityConfigurerAdapter instead, but I was missing an implementation of Spring's AbstractSecurityWebApplicationInitializer which registers the appropriate security filter. See here for the working solution.

The problem with this, is that I will not get Vaadin's View-Based Access Control. In order to get this, I will need to start using/migrating functionality from VaadinWebSecurityConfigurerAdapter.