如何使用Vaadin4Spring MVP结构和Spring Security创建自定义登录

时间:2015-08-20 08:26:09

标签: java spring-security vaadin mvp vaadin4spring

我目前的项目是基于peholmst的vaadin4spring MVP的结构:

https://github.com/peholmst/vaadin4spring/tree/master/samples/mvp-sample

我使用 Vaadin 7.5.3 SpringBoot 1.2.5.RELEASE JSR-330 1.0(@Inject)

现在我想创建一个新的vaadin视图登录页面,结合spring security ...我的尝试如下:

HttpSecurityConfigurer.java 

import org.springframework.context.ApplicationContext;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

[...]

void configure(Environment env, ApplicationContext appContext, HttpSecurity http) throws Exception {
   http
         .authorizeRequests()
             .antMatchers("/VAADIN/**", "/PUSH/**", "/UIDL/**", "/resources/**").permitAll()
             .anyRequest().authenticated()
             .and()
         .csrf().disable();


   http
         .formLogin()
             .loginPage("/login").defaultSuccessUrl("/", true).permitAll()
             .and()
         .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login").permitAll();
}

[...]

LoginUI.java 

import javax.inject.Inject;

import org.vaadin.spring.events.EventBus;

import com.vaadin.annotations.Theme;
import com.vaadin.annotations.Title;
import com.vaadin.server.VaadinRequest;
import com.vaadin.spring.annotation.SpringUI;
import com.vaadin.ui.UI;

import my.example.application.ui.presenter.Action;
import my.example.application.ui.presenter.LoginPresenter;

@SpringUI(path = "/login")
@Theme("valo")
@Title("MyLogin")
public class MyLoginUI extends UI {

    private static final long serialVersionUID = -1746340376430847935L;

    @Inject
    LoginPresenter presenter;

    @Override
    protected void init(VaadinRequest vaadinRequest) {
        eventBus.publish(this, Action.START);
        setContent(presenter.getView());
    }

}

LoginPresenter.java 

import org.vaadin.spring.events.Event;
import org.vaadin.spring.events.EventScope;
import org.vaadin.spring.events.annotation.EventBusListenerMethod;
import org.vaadin.spring.navigator.Presenter;
import org.vaadin.spring.navigator.annotation.VaadinPresenter;

import my.example.application.ui.view.LoginView;

@VaadinPresenter(viewName = LoginView.NAME)
public class LoginPresenter extends Presenter<LoginView> {

    @EventBusListenerMethod(scope = EventScope.SESSION, filter = StartupFilter.class)
    public void onStartup(Event<Action> event) {
        getView().setBody();
    }

}

LoginView.java 

import com.vaadin.spring.annotation.UIScope;
import javax.annotation.PostConstruct;
import com.vaadin.spring.annotation.SpringView;
import com.vaadin.ui.VerticalLayout;
import com.vaadin.navigator.View;
[...]

@UIScope
@SpringView(name = LoginView.NAME, ui = MyLoginUI.class)
public class LoginView extends VerticalLayout implements View {

    private static final long serialVersionUID = 8034398112492147989L;

    public static final String NAME = "loginView";

    @PostConstruct
    private void init() {
        setMargin(true);
        setSpacing(true);
        setSizeFull();
    }

    public void setBody() {
        addComponent(new Label("Heey, thats my login page! :)"));
    }

    @Override
    public void enter(ViewChangeEvent event) {

    }

}

因此,当我启动应用程序时,我的浏览器会重定向到“http://localhost:8080/login”,但它只渲染了vaadin加载动画:

Vaadin loading animation

有人可以帮助我吗?

1 个答案:

答案 0 :(得分:1)

我遇到了同样的问题,需要很长时间才能找到解决方法:

@Override
    protected void configure(HttpSecurity http) throws Exception
    {
        // Authentication is not needed for the login page
        // Permit access to VAADIN resources explicitly
        http.authorizeRequests().antMatchers( "/vaadinServlet/**", "/login")
                .permitAll();
        // TODO: For some reason I need the "auth" URL parameter. W/o the VAADIN UI does not load
        http.formLogin().loginPage("/login?auth");

        http.logout().logoutSuccessUrl("/login");

        // Any request needs to be authenticated. If a user is not authenticated => Login Page
        http.authorizeRequests().anyRequest().authenticated();

        http.csrf().disable();
    }

通常它应该在登录页面URL中没有?auth 的情况下工作(它可以是任何URL扩展名)。 通常,在 loginPage()方法中使用 permitAll()时,它应该可以正常工作。 通常它应该在没有明确允许 / login

的情况下工作

如果有人对此有解释,我会很感激。我调试了spring并查看了浏览器的响应。可能它是VAADIN为其小部件创建的* .js文件中的内容。

相关问题
最新问题