

Cherry-picked fix for security issue in tomcat for platform-13 (#762)
* Moved access check logic to ServiceInitListener (#761)
Tulio Garcia authored and DiegoCardoso committed Mar 27, 2019
1 parent 879aaba commit 390a21a
Showing 3 changed files with 45 additions and 28 deletions.
@@ -0,0 +1,45 @@
package com.vaadin.starter.bakery.app.security;

import com.vaadin.flow.component.UI;
import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.server.ServiceInitEvent;
import com.vaadin.flow.server.VaadinServiceInitListener;
import com.vaadin.flow.spring.annotation.SpringComponent;
import com.vaadin.starter.bakery.ui.components.OfflineBanner;
import com.vaadin.starter.bakery.ui.exceptions.AccessDeniedException;
import com.vaadin.starter.bakery.ui.views.login.LoginView;

/**
* Adds before enter listener to check access to views.
* Adds the Offline banner.
*
*/
@SpringComponent
public class ConfigureUIServiceInitListener implements VaadinServiceInitListener {

@Override
public void serviceInit(ServiceInitEvent event) {
event.getSource().addUIInitListener(uiEvent -> {
final UI ui = uiEvent.getUI();
ui.add(new OfflineBanner());
ui.addBeforeEnterListener(this::beforeEnter);
});
}

/**
* Reroutes the user if she is not authorized to access the view.
*
* @param event
* before navigation event with event details
*/
private void beforeEnter(BeforeEnterEvent event) {
final boolean accessGranted = SecurityUtils.isAccessGranted(event.getNavigationTarget());
if (!accessGranted) {
if (SecurityUtils.isUserLoggedIn()) {
event.rerouteToError(AccessDeniedException.class);
} else {
event.rerouteTo(LoginView.class);
}
}
}
}
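Review bot: The check in `beforeEnter` passes only `event.getNavigationTarget()` to `SecurityUtils.isAccessGranted`, so an access rule declared on a parent router layout rather than on the view class is not consulted here unless `isAccessGranted` walks the layout chain itself; worth confirming, since this listener is now the single enforcement point for every UI after the removal of BakeryUI. Rerouting an anonymous user with `event.rerouteTo(LoginView.class)` also discards the originally requested route, so the user is not returned to it after logging in; if that is intended, a one-line comment saying so would help. The method Javadoc should name the two outcomes rather than the generic "Reroutes the user if she is not authorized", e.g. `Sends anonymous users to the login view and logged-in users without access to the access-denied error view.` The class Javadoc could likewise note that the listener is registered per UI via `addUIInitListener`, so the check applies to every navigation, including the initial one.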
27 changes: 0 additions & 27 deletions src/main/java/com/vaadin/starter/bakery/ui/BakeryUI.java

This file was deleted.

1 change: 0 additions & 1 deletion src/main/resources/application.properties
Expand Up @@ -3,7 +3,6 @@ server.compression.mime-types=application/json,application/xml,text/html,text/xm
security.basic.enabled=false
server.tomcat.uri-encoding=UTF-8
spring.jackson.serialization.write_dates_as_timestamps=false
server.servlet.context-parameters.UI=com.vaadin.starter.bakery.ui.BakeryUI
# Comment out if using anything else than H2 (e.g. MySQL or PostgreSQL)
spring.jpa.database-platform=org.hibernate.dialect.H2Dialect

