Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mvysny/vok-security-demo
Vaadin-on-Kotlin Security Authentication + Authorization Demo for Vaadin
- Host: GitHub
- URL: https://github.com/mvysny/vok-security-demo
- Owner: mvysny
- License: mit
- Created: 2018-04-18T19:25:00.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-10-20T06:24:13.000Z (24 days ago)
- Last Synced: 2024-11-01T11:34:33.617Z (12 days ago)
- Topics: kotlin, vaadin
- Language: Kotlin
- Homepage:
- Size: 2.25 MB
- Stars: 7
- Watchers: 4
- Forks: 1
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README
[![Powered By Vaadin on Kotlin](http://vaadinonkotlin.eu/iconography/vok_badge.svg)](http://vaadinonkotlin.eu)
[![Join the chat at https://gitter.im/vaadin/vaadin-on-kotlin](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/vaadin/vaadin-on-kotlin?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![Build Status](https://github.com/mvysny/vok-security-demo/actions/workflows/gradle.yml/badge.svg)](https://github.com/mvysny/vok-security-demo/actions/workflows/gradle.yml)

# Vaadin-on-Kotlin Security Demo for Vaadin
Demonstrates a secured Vaadin-on-Kotlin-based application. Uses the [Vaadin Simple Security](https://github.com/mvysny/vaadin-simple-security)
library. Requires Java 17+.

See the project's [online demo](https://v-herd.eu/vok-security-demo).
# Preparing Environment
Please see the [Vaadin Boot](https://github.com/mvysny/vaadin-boot#preparing-environment) documentation
on how to run, develop and package this Vaadin-Boot-based app.

# About the application
The application uses username+password authentication, with users stored in an in-memory H2 SQL database
(the [User](src/main/kotlin/com/vaadin/securitydemo/security/User.kt) class). There are no
views that can be accessed publicly: the user must log in first in order to see any part of the app.

There are two users pre-created by the [Bootstrap](src/main/kotlin/com/vaadin/securitydemo/Bootstrap.kt) class:
* The 'user' user with the password of 'user' and the role of `ROLE_USER`
* The 'admin' user with the password of 'admin' and two roles: `ROLE_ADMIN` and `ROLE_USER`

The [AppServiceInitListener](src/main/kotlin/com/vaadin/securitydemo/AppServiceInitListener.kt) configures
Vaadin to check authorization and to redirect to the Login route if no user is logged in.
The username and password are compared against the database. The `User` class takes advantage
of the `HasPassword`
mixin, which makes sure that passwords are stored in a hashed form.

If the login succeeds, the user is then stored into the session (or, rather, the `LoginService` class
is stored in the session along with the currently logged-in user; this way, we can group all
login/logout functionality into a single class). Then, the page is refreshed. This forces Vaadin
to create a new instance of the `MainLayout`. Since a non-null user is now in the session, the `MainLayout`
will not perform the re-route to the login view; instead it will show the application layout.

There are four views:
* The [WelcomeRoute](src/main/kotlin/com/vaadin/securitydemo/welcome/WelcomeRoute.kt) which is accessible by all logged-in users;
* The [UserRoute](src/main/kotlin/com/vaadin/securitydemo/user/UserRoute.kt) which is accessible by all users with roles `ROLE_USER` and `ROLE_ADMIN`
* The [AdminRoute](src/main/kotlin/com/vaadin/securitydemo/admin/AdminRoute.kt) which is accessible by users with the `ROLE_ADMIN` role only
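
The flow described above (hashed passwords, a per-session login holder, redirect-to-login for anonymous users and role checks per view) as a self-contained Kotlin example; it is added here and is not code from vok-security-demo or Vaadin Simple Security. `DemoUser`, `DemoLoginService`, `Decision` and `requiredRoles` are hypothetical names, PBKDF2 is an assumed hash (the page does not say which one `HasPassword` uses), and the `UserRoute` rule is read as "either role".

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

// Hypothetical stand-in for the demo's User: keeps a salt and a hash, never the password.
class DemoUser(val username: String, password: String, val roles: Set<String>) {
    private val salt = ByteArray(16).also { SecureRandom().nextBytes(it) }
    private val hash = pbkdf2(password)
    // PBKDF2 is an assumption here; the page does not say which hash HasPassword uses.
    private fun pbkdf2(pw: String): ByteArray = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
        .generateSecret(PBEKeySpec(pw.toCharArray(), salt, 210_000, 256)).encoded
    // MessageDigest.isEqual compares the two hashes in constant time.
    fun passwordMatches(candidate: String): Boolean = MessageDigest.isEqual(hash, pbkdf2(candidate))
}

enum class Decision { ALLOWED, REDIRECT_TO_LOGIN, FORBIDDEN }

// Roles per view as listed above; an empty set means any logged-in user.
val requiredRoles: Map<String, Set<String>> = mapOf(
    "WelcomeRoute" to emptySet<String>(),
    "UserRoute" to setOf("ROLE_USER", "ROLE_ADMIN"),
    "AdminRoute" to setOf("ROLE_ADMIN"),
)

// Hypothetical per-session holder, modelled on the LoginService described above.
class DemoLoginService(private val users: Map<String, DemoUser>) {
    var currentUser: DemoUser? = null
        private set
    // A failed attempt leaves no user in the session.
    fun login(name: String, password: String): Boolean =
        users[name]?.takeIf { it.passwordMatches(password) }.also { currentUser = it } != null
    fun decide(view: String): Decision {
        val user = currentUser ?: return Decision.REDIRECT_TO_LOGIN
        val needed = requiredRoles[view] ?: return Decision.FORBIDDEN // unknown view: deny
        val ok = needed.isEmpty() || needed.any { it in user.roles }
        return if (ok) Decision.ALLOWED else Decision.FORBIDDEN
    }
}

fun main() {
    // Constructed accounts matching the two pre-created users described above.
    val session = DemoLoginService(listOf(
        DemoUser("user", "user", setOf("ROLE_USER")),
        DemoUser("admin", "admin", setOf("ROLE_ADMIN", "ROLE_USER")),
    ).associateBy { it.username })
    println("anonymous -> AdminRoute: " + session.decide("AdminRoute"))
    println("login user/wrong: " + session.login("user", "wrong"))
    println("login user/user: " + session.login("user", "user"))
    requiredRoles.keys.forEach { println("user -> $it: " + session.decide(it)) }
}
```

In this example `login` skips the hash for unknown usernames, so response time can reveal whether an account exists; hashing a dummy value in that branch evens it out.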