Vaadin using SpringSecurity authentication

Question

Currently learning Vaadin8+SpringBoot for Vaadin made me wanna forget about HTML for a while. Anyways, all is good for some CRUD operations until I mixed in SpringSecurity in the project. Well, I've been searching for days now and no solution could fit in well with the expected requirements.

Expected output:

• Vaadin8+SpringBoot+SpringSecurity
• All in one project/module/artifact
• 2 @SpringUI (MainUI = "", LoginUI = "/login")
• Multiple @SpringViews contained by MainUI's ViewDisplay

Limitations:

• No login.html (from the Vaadin's demo backery app)
• No SpringMVC for login page
• No vaadin4Spring dependency
• Configurations done through annotations and not through XMLs

I know there's a way, I'm blocked how to progress on this. And if it's really not possible, need to understand as to why it isn't.

Answer 1

When you configure Spring Security, you need to allow anonymous access to the /login URL (either login.html if it is a non-vaadin form, or the login UI path if you want a separate UI for login). You also need to restrict access to the actual application UI. You also need to allow anonymous access to the static resources (i.e. /VAADIN/**).

The SecurityConfig in Bakery may give you a starting point. (Note: the starter or its parts cannot be redistributed as a code example or template)

There is a more detailed explanation here, though it only covers Vaadin and Spring Security integration (i.e. no spring-boot).