Skip to content

Add documentation for Custom Authorization Rules and Disabling Features in Vaadin Security #4485

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Aug 15, 2025
Merged

Add documentation for Custom Authorization Rules and Disabling Features in Vaadin Security #4485

merged 11 commits into from
Aug 15, 2025

Conversation

@fredpena
Copy link
Contributor

@fredpena fredpena commented Aug 8, 2025

Summary

This PR adds detailed for two key sections in Vaadin Security configuration:

  1. Custom Authorization Rules – explains what they are, their use cases, and how they complement Vaadin's annotation-based view access control.
  2. Disabling Features – explains the default behavior of CSRF configuration and Navigation Access Control in VaadinSecurityConfigurer, and when it is safe to disable them.

fredpena and others added 9 commits July 25, 2025 08:54
@fredpena
docs: enhance description of TemporaryFileUploadHandler in file-handl…
c48f24a 
…ing.adoc
@fredpena
docs: Clarify Spring Boot multipart limits and stream handling in Upl…
d44f3dc 
…oad file size section
@fredpena @mcollovati
Update articles/components/upload/index.adoc
f9a035b 
Co-authored-by: Marco Collovati <mcollovati@gmail.com>
@fredpena
Update file-handling.adoc
b613337 
Remove 'The temporary files are automatically deleted when the upload is complete or the component is detached.'
@mshabarov
Merge branch 'latest' into latest
b1edb82
@mshabarov
Merge branch 'v24' into latest
728ba81
@fredpena
Merge branch 'vaadin:v24' into latest
a8f804c
@fredpena
Update vaadin-security-configurer.adoc
e86def7 
Provided detailed documentation on what Custom Authorization Rules are, their use cases, and how they complement Vaadin's view-based access control.
@fredpena
Update vaadin-security-configurer.adoc
23382d7 
Documented the purpose and effects of disabling CSRF configuration and Navigation Access Control in VaadinSecurityConfigurer. Clarified default behavior, when it is safe to disable, and the implications for application security.
@peholmst peholmst requested a review from mshabarov August 10, 2025 09:58
@peholmst peholmst added target/main cherry pick to main branch flow labels Aug 10, 2025
mshabarov
mshabarov approved these changes Aug 15, 2025
View reviewed changes
Copy link
Contributor

@mshabarov mshabarov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good addition, thanks @fredpena 👍

mshabarov
mshabarov reviewed Aug 15, 2025
View reviewed changes
@mshabarov mshabarov merged commit d588b13 into vaadin:v24 Aug 15, 2025
3 of 4 checks passed
vaadin-bot pushed a commit that referenced this pull request Aug 20, 2025
@fredpena @vaadin-bot
Add documentation for Custom Authorization Rules and Disabling Featur…
622bcc0 
…es in Vaadin Security (#4485)

Summary
This PR adds detailed for two key sections in Vaadin Security configuration:

Custom Authorization Rules – explains what they are, their use cases, and how they complement Vaadin's annotation-based view access control.
Disabling Features – explains the default behavior of CSRF configuration and Navigation Access Control in VaadinSecurityConfigurer, and when it is safe to disable them.
peholmst added a commit that referenced this pull request Aug 20, 2025
@vaadin-bot @fredpena @peholmst
Add documentation for Custom Authorization Rules and Disabling Featur…
f8ee906 
…es in Vaadin Security (#4485) (#4519)

Summary
This PR adds detailed for two key sections in Vaadin Security configuration:

Custom Authorization Rules – explains what they are, their use cases, and how they complement Vaadin's annotation-based view access control.
Disabling Features – explains the default behavior of CSRF configuration and Navigation Access Control in VaadinSecurityConfigurer, and when it is safe to disable them.

Co-authored-by: Fred Peña <f.ant.pena@gmail.com>
Co-authored-by: Petter Holmström <petter@vaadin.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mshabarov mshabarov mshabarov approved these changes

Assignees

No one assigned

Labels

cherry-picked-main flow target/main cherry pick to main branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fredpena @mshabarov @peholmst @vaadin-bot