使用Vaadin Flow网络应用处理登录信息，可以跨全球所有布局以及跨“路线"网络网址 [英] Handling login with a Vaadin Flow webapp, across all layouts globally and across "route" URLs

问题描述

在Vaadin 8中，在我的UI子类中，我通过检查用户的会话是否带有指示他们是否已成功登录的属性来处理登录.如果不是，则我的UI子类显示登录布局，而不显示其他具有导航选项的内容，例如菜单栏和可在该UI中切换布局的按钮.

In Vaadin 8, in my UI subclass I handled login by examining if a user’s session carried an attribute noting whether they had successfully logged in or not. If not, my UI subclass displayed a login layout rather than other content with navigation options such as menu bar and buttons that switch layout within that UI.

在Vaadin 10及更高版本中， Vaadin Flow ，即

In Vaadin 10 and later, Vaadin Flow, the UI class is apparently handled automatically by Vaadin in a manner transparent to me the app developer. Now the @Route and Router class approach is suggested as the way to navigate between forms, driven by different URLs attached to each layout. One benefit is the user being able to bookmark a location within the app, in friendly web style.

➥在Vaadin Flow中，在显示任何其他内容之前，如何处理用户已登录的全局检查?

➥ In Vaadin Flow, how does one handle a global check that the user is logged-in before displaying any other content?

我应该遵循Vaadin 8的方法，编写UI的子类吗?如果是这样，如何安装我的UI子类来代替显然由Vaadin Flow自动放置的UI?

Should I follow the Vaadin 8 approach, writing a subclass of UI? If so, how to install my subclass of UI in place of the UI apparently apparently placed automatically by Vaadin Flow?

我是否遵循手册中显示的示例 具有Servlet定义，并已在其他问题中讨论?

Do I follow the example shown in the manual with a Servlet definition, and as discussed in this other Question?

或者我应该对

Or should I be doing something with the BeforeEnterEvent discussed in routing lifecycle tutorial? While the top of that page has a brief mention of listeners firing on the UI instance, the examples across the rest of the page involve code on the layout rather than UI. So I do not understand how to handle global check across all my current and future layouts defined in my app.

我的问题与存储密码，凭据，哈希和内容无关.盐等.我正在问一种方法，以优雅地检查登录是否已完成，以阻止/授予对Vaadin Web应用程序内容的访问.

My question has nothing to do with storing passwords, credentials, hash & salt, etc. I am asking about a way to gracefully check for login being completed to block/grant access to the content of a Vaadin web app.

推荐答案

有两种不同的选择可能对您有用，这取决于您应用程序的结构.

There are a couple of different alternatives that might be useful for you, slightly depending on how you've structured you application.

1. 使您的主布局类实现BeforeEnterObserver.只要您对整个应用程序只有一个主布局，这是一种非常简单的方法.缺点之一是不会检查未配置为直接或间接使用主布局的任何@Route类.
在主布局中执行
2. 实施RouterLayout.showRouterLayoutContent(而不是依赖于默认实现)，然后在此处进行检查.仅当主要布局实际用于所有视图时，这才再次起作用，但是如果在两者之间使用中间布局，则可能会带来挑战.
3. 定义您自己的AbstractView类，该类自己为每个实例执行访问控制.这再次要求您记住所有路径始终使用AbstractView.
4. 注册一个UI范围的BeforeEnterListener，以执行访问检查.设置起来有点复杂，因为您需要一个VaadinServiceInitListener来添加一个UIInitListener来添加实际的侦听器. (在手册此处和此处.)另一方面，这种方法能够拦截任何导航事件，而与布局嵌套无关，并且不需要特殊的视图类.

1. Make your main layout class implement BeforeEnterObserver. This is a really simple approach as long as you only have one main layout for the entire application. One drawback is that there would be no checks for any @Route class that you don't configure to directly or indirectly use your main layout.
2. Implement RouterLayout.showRouterLayoutContent in your main layout (instead of relying on the default implementation), and do the checks there. This again only works when the main layout is actually used for all views, but might be challenging if having intermediate layouts in between.
3. Define your own AbstractView class that does access control on its own for each instance. This again requires that you remember to always use AbstractView for all your routes.
4. Register a UI-wide BeforeEnterListener that performs access checks. This is a little more complex to set up since you'd need a VaadinServiceInitListener that adds a UIInitListener that adds the actual listener. (Setting up those listeners is described in the manual here and here.) On the other hand, this approach is able to intercept any navigation event regardless of layout nesting and without requiring a special view class.

这篇关于使用Vaadin Flow网络应用处理登录信息，可以跨全球所有布局以及跨“路线"网络网址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！