Vaadin-on-Kotlin Security Demo for Vaadin 10
Demonstrates the security aspect of the Vaadin-on-Kotlin framework. For general information on VoK Security please head to the vok-security module documentation.
To quickly start the app, make sure that you have Java 8 JDK installed. Then, just type this into your terminal:

```bash
git clone https://github.com/mvysny/vok-security-demo-v10
cd vok-security-demo-v10
./gradlew appRun
```
The app will be running on http://localhost:8080/.
The app is running live on Heroku at https://vok-security-demo-v10.herokuapp.com.
About the application
The application uses username+password authentication, with users stored in an in-memory H2 SQL database (the User class). There are no views that can be accessed publicly: the user must log in first in order to see any part of the app.
There are two users pre-created by the Bootstrap class:
- The 'user' user with the password of 'user' and the role of
- The 'admin' user with the password of 'admin' and two roles:
The MainLayout is configured to show a full-screen login form (provided by Vaadin-on-Kotlin as the LoginForm class).
The username and password are compared against the database. The User class takes advantage of the HasPassword mixin, which makes sure that passwords are stored only in hashed form.
If the login succeeds, the user is then stored in the session (or, rather, the
is stored in the session along with the currently logged-in user; this way, all login/logout functionality is grouped into a single class). Then the page is refreshed. This forces Vaadin to create a new instance of the MainLayout. Since a non-null user is now in the session, the
will not perform the reroute to the login view; instead it will show the application layout.
There are four views:
- The WelcomeView which is accessible by all logged-in users;
- The UserView which is accessible by all users with roles
- The AdminView which is accessible by users with the
- The UserProfileView which shows info about the currently logged-in user and is therefore accessible by all logged-in users.
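What "stored in hashed form" and the role-gated views amount to, as an added stand-alone Kotlin sketch (this is not code from the demo or from VoK itself; in the project the HasPassword mixin and the view classes are the real implementation): salted PBKDF2 hashing, constant-time verification, and a role check. The User class, canAccess function and the role names used here are assumptions for illustration.

```kotlin
// Added illustration, not vok-security-demo-v10 or VoK code; names are hypothetical.
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

private const val ITERATIONS = 120_000
private const val KEY_BITS = 256

// Derives a PBKDF2-HMAC-SHA256 key from the password and a per-user salt.
private fun pbkdf2(password: CharArray, salt: ByteArray): ByteArray =
    SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
        .generateSecret(PBEKeySpec(password, salt, ITERATIONS, KEY_BITS))
        .encoded

// Stored form is "<base64 salt>:<base64 hash>"; the clear-text password is never persisted.
fun hashPassword(password: String): String {
    val salt = ByteArray(16).also { SecureRandom().nextBytes(it) }
    val hash = pbkdf2(password.toCharArray(), salt)
    val b64 = Base64.getEncoder()
    return "${b64.encodeToString(salt)}:${b64.encodeToString(hash)}"
}

// Verifies a login attempt against the stored value. MessageDigest.isEqual compares in
// constant time, so a mismatch reveals nothing about how many bytes matched.
fun passwordMatches(stored: String, attempt: String): Boolean {
    val (saltB64, hashB64) = stored.split(":", limit = 2)
    val b64 = Base64.getDecoder()
    val expected = b64.decode(hashB64)
    val actual = pbkdf2(attempt.toCharArray(), b64.decode(saltB64))
    return MessageDigest.isEqual(expected, actual)
}

// Hypothetical user record: the username, the hash above, and the granted roles.
data class User(val username: String, val passwordHash: String, val roles: Set<String>)

// A view is reachable only for a logged-in user; an empty role set means "all logged-in users".
fun canAccess(currentUser: User?, allowedRoles: Set<String>): Boolean =
    currentUser != null && (allowedRoles.isEmpty() || currentUser.roles.any { it in allowedRoles })

fun main() {
    val admin = User("admin", hashPassword("admin"), setOf("admin"))  // constructed sample
    check(passwordMatches(admin.passwordHash, "admin"))
    check(!passwordMatches(admin.passwordHash, "user"))
    check(canAccess(admin, setOf("admin")))
    check(!canAccess(null, emptySet()))  // nobody logged in: every view reroutes to login
    println("ok")
}
```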
Dissection of project files
Let's look at all files that this project is composed of, and where you'll add functionality:

| File | Description |
|---|---|
| build.gradle | Gradle build tool configuration file. Gradle is used to compile your app, download all dependency jars and build a war file. |
| gradlew, gradlew.bat, gradle/ | Gradle runtime files, so that you can build your app from the command line simply by running |
| .travis.yml | Configuration file for Travis-CI which tells Travis how to build the app. Travis watches your repo; it automatically builds your app and runs all the tests after every commit. |
| Procfile | Configuration file for Heroku, which hosts the app. Heroku will wait for Travis to verify the build, then it will build a Tomcat bundle and run it inside Docker. |
| .gitignore | Tells Git to ignore files that can be produced from your app's sources, be it files produced by Gradle, IntelliJ project files etc. |
| src/main/resources/ | A bunch of static files not compiled by Kotlin in any way; see below for an explanation. |
| logback.xml | We're using Slf4j for logging and this is the configuration file for Slf4j. |
| db/migration/ | Database upgrade instructions for the Flyway framework. The database is upgraded on every server boot, to ensure it's always up-to-date. See the Migration Naming Guide for more details. |
| webapp/ | Static files provided as-is to the browser. The project stylesheet is stored here, in the styles.html file. |
| src/main/kotlin/ | The main Kotlin sources of your web app. You'll be mostly editing files located in this folder. |
| Bootstrap.kt | When the Servlet Container (such as Tomcat) starts your app, it will run the |
| MainLayout.kt | The main UI of the app; typically contains template UI code which guarantees a unified look-and-feel for your app. You then typically provide a layout which will host the views as the user navigates throughout the app. Shows the |
| WelcomeView.kt | The view accessible by all logged-in users, shown when the user browses the root page. |
| UserView.kt | The view accessible by users with roles of |
| AdminView.kt | The view accessible by users with roles of |
Development with IntelliJ IDEA Ultimate
The easiest way (and the recommended way) to develop Karibu-DSL-based web applications is to use IntelliJ IDEA Ultimate. It includes support for launching your project in any servlet container (Tomcat is recommended) and allows you to debug the code, modify the code and hot-redeploy the code into the running Tomcat instance, without having to restart Tomcat.
- First, download Tomcat and register it in IntelliJ IDEA properly: https://www.jetbrains.com/help/idea/2017.1/defining-application-servers-in-intellij-idea.html
- Then just open this project in IntelliJ, simply by selecting File / Open... and clicking on the build.gradle file. When asked, select "Open as Project".
- You can then create a launch configuration which will launch the
  exploded in Tomcat with IntelliJ: just scroll to the end of this tutorial: https://kotlinlang.org/docs/tutorials/httpservlets.html
- Start your newly created launch configuration in Debug mode. This way, you can modify the code
  Ctrl+F9 to hot-redeploy the code. This only redeploys Java code though; to redeploy resources, just press
  Ctrl+F10 and select "Update classes and resources".