Integrate spring-boot-starter-security with Vaadin 7


Problem description


I'm trying to integrate Spring Security with Vaadin Spring (https://vaadin.com/wiki/-/wiki/Main/Vaadin+Spring).

My application class just starts up the Spring Application

https://gist.github.com/anonymous/c047030c61b90c02d1ef

I created a class that extends WebSecurityConfigurerAdapter

https://gist.github.com/anonymous/0e905d0627adf5e2dc39

pom.xml includes the dependency spring-boot-starter-security

When I type in localhost:8080 it redirects me to the login url (http://localhost:8080/login) provided by Spring Security. I enter in the username/password (user/password) and I get this error.

java.lang.NullPointerException: null at com.vaadin.server.LegacyCommunicationManager.getClientCache(LegacyCommunicationManager.java:194)

(full log output at https://gist.github.com/anonymous/b4be702762b5bc744c66).

I tried adding to the ApplicationSecurity the overridden method "configuration(HttpSecurity http)" based off examples I found on the web but that gives me more errors as that doesn't take me to the /login page at all.

Solution

I suppose it may have something to do with the fact that not all features are supported in the current beta version as stated by Henri Sara:

Vaadin Spring is an official add-on (moving from alpha to beta at the moment, with some API changes) that includes the core functionality of Vaadin4Spring.

The parts of Vaadin4Spring that are not covered by the current version of Vaadin Spring (event bus, Spring Security support, ...) will be converted to use Vaadin Spring sometime after the beta release. More functionality might migrate to the official add-on in future versions.

Anyway, out of curiosity regarding Spring Security (haven't used it so far) I've done a bit of research with Vaadin 7.4.3. I set the root logger on debug, added a few breakpoints (UIInitHandler:148) and noticed the following:

  • the initial request is correctly handled by the UIInitHandler and an instance of the appropriate UI is created
  • immediately after the same breakpoint @ UIInitHandler:148 is triggered for the /error path and the handler is unable to resolve the UI because most likely you don't have one defined. This also made me think that an exception may be thrown but hidden somewhere in there
  • looking at the logs I saw a lot of Invalid CSRF token found for http://localhost:8080/login?v-1429092013868

So I changed a bit the ApplicationSecurity.configure(HttpSecurity http) method to http.csrf().disable().authorizeRequests().anyRequest().permitAll(); and I was able to proceed to the second screen. Now this may not be that safe from what I gathered, but it should give you a starting point.

Note: You may already know this but if you don't and it saves you some time I'm glad to share this as well, because it took me a while to figure it out. Depending on how you will set up your app security you may end up changing that method to something like below.

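@Override
protected void configure(HttpSecurity http) throws Exception {
    // Spring Security's CSRF check is switched off, as in the permitAll() variant above
    http.csrf().disable()
            // Unauthenticated users are sent to /login, denied users to /accessDenied
            .exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
                .accessDeniedPage("/accessDenied")
            .and().authorizeRequests()
            // Vaadin resource, push and UIDL paths plus the login/error pages stay public
            .antMatchers("/VAADIN/**", "/PUSH/**", "/UIDL/**", "/login", "/login/**", "/error/**", "/accessDenied/**").permitAll()
            // Everything else requires full authentication (not anonymous, not remember-me)
            .antMatchers("/authorized", "/**").fullyAuthenticated();
}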
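
An added example, not part of the original answer: the same rules with Spring Security's CSRF check scoped rather than removed, so only the Vaadin paths the answer lists are exempt. The class name `ScopedCsrfSecurity` is hypothetical, and the exemption assumes Vaadin 7's own CSRF token check covers its traffic on those paths; the `/login?v-...` request seen in the logs is not exempted here.

```java
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
public class ScopedCsrfSecurity extends WebSecurityConfigurerAdapter {

    // The read-only methods that Spring Security's default CSRF matcher also skips.
    private static final Pattern SAFE_METHODS = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");

    // Assumption: Vaadin's client-server traffic uses the paths listed in the answer.
    private static final RequestMatcher VAADIN_TRAFFIC = new OrRequestMatcher(
            new AntPathRequestMatcher("/VAADIN/**"),
            new AntPathRequestMatcher("/PUSH/**"),
            new AntPathRequestMatcher("/UIDL/**"));

    // A Spring CSRF token is required for state-changing requests outside Vaadin's paths.
    static final RequestMatcher CSRF_REQUIRED = new RequestMatcher() {
        @Override
        public boolean matches(HttpServletRequest request) {
            return !SAFE_METHODS.matcher(request.getMethod()).matches()
                    && !VAADIN_TRAFFIC.matches(request);
        }
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().requireCsrfProtectionMatcher(CSRF_REQUIRED)
            .and().exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
                .accessDeniedPage("/accessDenied")
            .and().authorizeRequests()
                .antMatchers("/VAADIN/**", "/PUSH/**", "/UIDL/**", "/login", "/login/**",
                             "/error/**", "/accessDenied/**").permitAll()
                .antMatchers("/authorized", "/**").fullyAuthenticated();
    }
}
```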
