Vaadin Spring Security BasicAuth Example

In this tutorial, we will learn to secure vaadin application behindbasic authentication security provided byspring security module.

I am updating the vaadin hello world application sourcecode with spring security configuration, so if you already have any vaadin application, you can directly look intospring security section.

Table of Contents Development environment Spring Security BasicAuth Configuration Vaadin UI Configuration Maven Dependencies Run the application Development environment

This example uses below tools and frameworks for building the demo vaadin application secured behind spring’s basic authentication security.

JDK 1.8 Vaadin 7.7.0 Spring Security 4.1.3.RELEASE Eclipse Luna Tomcat 7 Spring Security BasicAuth Configuration

To configure spring basicauth security, you will need to add applicationContext.xml file in classpath (if it does not exist already) and then you need to configure the security settings e.g. secured URL patterns, what roles can access what URL etc.

applicationContext.xml <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd"> <http auto-config="true"> <intercept-url pattern="/vaadinServlet/**" access="hasRole('ROLE_EDITOR')" /> <intercept-url pattern="/vaadinServlet/*.*" access="hasRole('ROLE_EDITOR')" /> <intercept-url pattern="/**" access="hasRole('ROLE_EDITOR')" /> <http-basic /> <csrf disabled="true"/> </http> <authentication-manager> <authentication-provider> <user-service> <user name="howtodoinjava" password="password" authorities="ROLE_EDITOR" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>

Now you will need to configure springSecurityFilterChain in web.xml file so that security is added to application. Also if you added new applicationContext.xml file, then you will need to register the ContextLoaderListener as well.

Spring basic authentication configuration is complete. And now you can modify the respective pieces as per application’s requirements. E.g. You may want to fetch username/password details from database then you can usejdbc-user-service in authentication-provider in applicationContext.xml file.

Vaadin UI Configuration

As I have already mentioned that I am modifying vaadin hello world application, it has very basic things. Just VaadinServlet configuration in web.xml file and homepage screen with label to display success message in case authentication is successful.

web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> //Spring security configuration as mentioned in above section <context-param> <description>Vaadin production mode</description> <param-name>productionMode</param-name> <param-value>false</param-value> </context-param> <servlet> <servlet-name>vaadinServlet</servlet-name> <servlet-class>com.vaadin.server.VaadinServlet</servlet-class> <init-param> <param-name>UI</param-name> <param-value>com.howtodoinjava.vaadin.demo.AppUI</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>vaadinServlet</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping> </web-app> AppUI.java package com.howtodoinjava.vaadin.demo; import com.vaadin.annotations.Theme; import com.vaadin.server.VaadinRequest; import com.vaadin.ui.Label; import com.vaadin.ui.UI; import com.vaadin.ui.VerticalLayout; @Theme("mytheme") public class AppUI extends UI { private static final long serialVersionUID = 1387172685749279538L; @Override protected void init(VaadinRequest vaadinRequest) { final VerticalLayout layout = new VerticalLayout(); Label label = new Label("Welcome to BasicAuth Secured Vaadin Application"); layout.addComponent(label); layout.setMargin(true); layout.setSpacing(true); setContent(layout); } } Maven Dependencies

A very important part of application is to collect and configure runtime dependencies. As we are usingmaven, I have added following dependencies into existing pom.xml file.

pom.xml  <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${org.springframework.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${org.springframework.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${org.springframework.version}</version> </dependency>  <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency> Run the application

Now the application is configured and ready to be tested. Let’s hit the application URL in browser.

Hit URL http://localhost:8080/VaadinExample/

You will get the browser popup to enter your username and password.