Vaadin-on-Kotlin Security Authentication + Authorization Demo
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
gradle/wrapper v bump Oct 16, 2018
web v bump Nov 11, 2018
.gitignore Initial commit Apr 17, 2018
.travis.yml Initial commit Apr 17, 2018
LICENSE Initial commit Apr 17, 2018
Procfile Initial Heroku integration Apr 20, 2018
README.md docs Oct 23, 2018
build.gradle.kts v bump Nov 13, 2018
gradle.properties v bump Nov 11, 2018
gradlew Initial commit Apr 17, 2018
gradlew.bat Initial commit Apr 17, 2018
settings.gradle.kts gradle kotlin Oct 19, 2018

README.md

Powered By Vaadin on Kotlin Build Status Join the chat at https://gitter.im/vaadin/vaadin-on-kotlin Heroku

Vaadin-on-Kotlin Security Demo

Demonstrates the security aspect of the Vaadin-on-Kotlin framework. For a general information on VoK Security please head to the vok-security module documentation.

Getting Started

To quickly start the app, make sure that you have Java 8 JDK installed. Then, just type this into your terminal:

git clone https://github.com/mvysny/vok-security-demo
cd vok-security-demo
./gradlew build web:appRun

The app will be running on http://localhost:8080/.

The app is running live on Heroku at https://vok-sec-demo.herokuapp.com.

About the application

The application uses the username+password authorization, with users stored in an in-memory H2 SQL database (the User class). There are no views that could be accessed publicly - the user must always log in first, in order to see any part of the app.

There are two users pre-created by the Bootstrap class:

  • The 'user' user with the password of 'user' and the role of user
  • The 'admin' user with the password of 'admin' and two roles: admin and user

The MyUI is configured to show a full-screen login form (provided for us by the Vaadin-on-Kotlin as LoginForm class). The username and password are compared against the database. The User class takes advantage of the HasPassword mixin which makes sure to store the passwords in a hashed form.

If the login succeeds, the user is then stored into the session (or, rather, the LoginManager class is stored in the session along with the currently logged-in user. This way, we can group all login/logout functionality into single class). Then, the page is refreshed. This forces Vaadin to create a new instance of the UI. Since a non-null user is now in the session, the UI will show the application layout instead of the login form.

There are four views:

  • The WelcomeView which is accessible by all logged-in users;
  • The UserView which is accessible by all users with roles user and admin
  • The AdminView which is accessible by users with the admin role only
  • The UserProfileView which shows info about the currently logged-in user and is therefore accessible by all logged-in users.

The MyUI class contains proper logic for catching and displaying AccessRejectedExceptions, by the means of installing the proper ErrorHandler into the UI. You can check the security being enforced, simply by running the project, logging in as an admin (user admin, password admin) and clicking on the "Admin" page (or visiting the http://localhost:8080/admin link).

Visit the web module docs for more documentation on the individual project files.

Dissection of project files

Let's look at all files that this project is composed of, and what are the points where you'll add functionality:

Files Meaning
build.gradle Gradle build tool configuration files. Gradle is used to compile your app, download all dependency jars and build a war file
gradlew, gradlew.bat, gradle/ Gradle runtime files, so that you can build your app from command-line simply by running ./gradlew, without having to download and install Gradle distribution yourself.
.travis.yml Configuration file for Travis-CI which tells Travis how to build the app. Travis watches your repo; it automatically builds your app and runs all the tests after every commit.
Procfile Configuration file for Heroku which hosts the app. Heroku will wait for Travis to verify the build, then it will build a Tomcat bundle and run it inside of docker.
.gitignore Tells Git to ignore files that can be produced from your app's sources - be it files produced by Gradle, Intellij project files etc.
web/ The web Gradle module which will host the web application itself. You can add more Gradle modules as your project will grow. Visit the web module docs for more documentation.

Development with Intellij IDEA Ultimate

The easiest way (and the recommended way) to develop Karibu-DSL-based web applications is to use Intellij IDEA Ultimate. It includes support for launching your project in any servlet container (Tomcat is recommended) and allows you to debug the code, modify the code and hot-redeploy the code into the running Tomcat instance, without having to restart Tomcat.

  1. First, download Tomcat and register it into your Intellij IDEA properly: https://www.jetbrains.com/help/idea/2017.1/defining-application-servers-in-intellij-idea.html
  2. Then just open this project in Intellij, simply by selecting File / Open... and click on the build.gradle file. When asked, select "Open as Project".
  3. You can then create a launch configuration which will launch the web module as exploded in Tomcat with Intellij: just scroll to the end of this tutorial: https://kotlinlang.org/docs/tutorials/httpservlets.html
  4. Start your newly created launch configuration in Debug mode. This way, you can modify the code and press Ctrl+F9 to hot-redeploy the code. This only redeploys java code though, to redeploy resources just press Ctrl+F10 and select "Update classes and resources"