Cherry-picked fix for security issue in tomcat for platform-13 (#762)
* Moved access check logic to ServiceInitListener (#761)
1 parent
879aaba
commit 390a21a
Showing
3 changed files
with
45 additions
and
28 deletions.
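--- /dev/null
+++ b/src/main/java/com/vaadin/starter/bakery/app/security/ConfigureUIServiceInitListener.java
@@ -0,0 +1,45 @@
+package com.vaadin.starter.bakery.app.security;
+
+import com.vaadin.flow.component.UI;
+import com.vaadin.flow.router.BeforeEnterEvent;
+import com.vaadin.flow.server.ServiceInitEvent;
+import com.vaadin.flow.server.VaadinServiceInitListener;
+import com.vaadin.flow.spring.annotation.SpringComponent;
+import com.vaadin.starter.bakery.ui.components.OfflineBanner;
+import com.vaadin.starter.bakery.ui.exceptions.AccessDeniedException;
+import com.vaadin.starter.bakery.ui.views.login.LoginView;
+
+/**
+* Adds before enter listener to check access to views.
+* Adds the Offline banner.
+*
+*/
+@SpringComponent
+public class ConfigureUIServiceInitListener implements VaadinServiceInitListener {
+
+@Override
+public void serviceInit(ServiceInitEvent event) {
+event.getSource().addUIInitListener(uiEvent -> {
+final UI ui = uiEvent.getUI();
+ui.add(new OfflineBanner());
+ui.addBeforeEnterListener(this::beforeEnter);
+});
+}
+
+/**
+* Reroutes the user if she is not authorized to access the view.
+*
+* @param event
+* before navigation event with event details
+*/
+private void beforeEnter(BeforeEnterEvent event) {
+final boolean accessGranted = SecurityUtils.isAccessGranted(event.getNavigationTarget());
+if (!accessGranted) {
+if (SecurityUtils.isUserLoggedIn()) {
+event.rerouteToError(AccessDeniedException.class);
+} else {
+event.rerouteTo(LoginView.class);
+}
+}
+}
+}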
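Review bot: The reroute targets in `beforeEnter` (`LoginView` and the `AccessDeniedException` error view) pass through this same before-enter listener, so the code silently relies on `SecurityUtils.isAccessGranted` — defined outside this hunk — always granting them to anonymous users; if it ever does not, the reroute re-enters the listener and loops. That precondition should be stated where the listener is attached, e.g. above the `ui.addBeforeEnterListener(this::beforeEnter);` line: `// LoginView and the error view must be granted to everyone by SecurityUtils.isAccessGranted, otherwise the reroute in beforeEnter re-enters this listener`. The unauthenticated branch also discards the originally requested location, so a user is not returned to the view they asked for after signing in — fine if intentional, but worth a comment so nobody mistakes it for an oversight. Minor wording: the Javadoc on `beforeEnter` would read better as `Reroutes the user if they are not authorized to access the view.`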
This file was deleted.