Add stateless authentication option to VaadinWebSecurityConfigurerAdapter

[haijian-vaadin]

We have a VaadinWebSecurityConfigurerAdapter which helps with the session based authentications. Would be good to have an option there to help with JWT based stateless authentication, so that when a user wants to use stateless authentication, they could have their own SecurityConfig class by just extending from the VaadinWebSecurityConfigurerAdapter.

public class SecurityConfig extends VaadinWebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        super.configure(http);

        http
                .csrf().disable()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        setJwtSplitCookieAuthentication(http, "myapp", 3600,
                JWSAlgorithm.HS256);
        setLoginView(http, "/login", "/logout");
        // @formatter:on
    }
}

[Artur-]

Any particular reason it should be a separate class and not an option in the existing class?

[haijian-vaadin]

Any particular reason it should be a separate class and not an option in the existing class?

It's based on the prototype, my perception is that the configuration is quite different and the login form is added differently, so e.g. the setLogin() helper won't work same way?

[Artur-]

Do you mean that the login view no longer has a URL or what changes?

[haijian-vaadin]

Yes, that's what I see from the prototype, also invite @platosha to the discussion. For different ways of adding login view in the testing app and the prototype, has it to be done the way in the prototype or could the login view be set in the same way as in the test app?

[platosha]

Updated the title / description for adding the option to existing helper class.