-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Introduced component-based security configuration for Spring #14303
feat: Introduced component-based security configuration for Spring #14303
Conversation
…for-the-component-based-security-configuration
…-security-configuration
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This also fixes first WARN mentioned in #13868
The pattern='/images/*.png'
is in the starter application so should be fixed there after this is merged. Also stareters should be updated to use the new way.
…izer to SecurityFilterChain Changed approach of registering public resources (from ignoring to permiAll). Fixes: #13868
…nent-based-security-configuration' into feat/13910-support-for-the-component-based-security-configuration
Changed approach of registering public resources (from ignoring to permitAll) to fix mentioned issues. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a random thought: with previous implementation, it was common to override configure(HttpSecurity)
invoking super and then apply custom configuration.
What about preserving that method to ease migration?
New implementation will provide SecurityFilterChain bean, and developers just need to override the protected configure(HttpSecurity)
method.
Migration would just be changing base class
vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java
Outdated
Show resolved
Hide resolved
Same thought about the old |
The functionality of Yes, it should be described in migration docs. |
...t-spring-security-flow/src/main/java/com/vaadin/flow/spring/flowsecurity/SecurityConfig.java
Outdated
Show resolved
Hide resolved
…adinWebSecurity.java Co-authored-by: Marco Collovati <marco@vaadin.com>
After this feature applied, we also need to update the following article to not mention the deprecated adapter, but describe a new approach https://vaadin.com/docs/latest/security/enabling-security |
vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java
Outdated
Show resolved
Hide resolved
vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java
Show resolved
Hide resolved
vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java
Show resolved
Hide resolved
vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing javadocs, otherwise LGTM: old configure methods are there for backwards compatibility and a new Spring classes for filter chain and web customisation are also available through dedicated methods as a beans.
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
This ticket/PR has been released with Vaadin 23.2.0.beta2 and is also targeting the upcoming stable 23.2.0 version. |
Description
Introduced component-based security configuration for Spring
Fixes #13910
Type of change
Checklist
test-spring-security-flow
tests.Additional for
Feature
type of change