Demonstrates the security aspect of the Vaadin-on-Kotlin framework. For general information on VoK Security, please head to the vok-security module documentation.
Deprecated: uses old VoK version and Vaadin 8. Please see the vok-security-demo project.
To quickly start the app, make sure that you have Java 8 JDK installed. Then, just type this into your terminal:
```bash
git clone https://github.com/mvysny/vok-security-demo-v8
# git names the checkout directory after the repository
cd vok-security-demo-v8
./gradlew build web:appRun
```
The app will be running on http://localhost:8080/.
The app is running live on Heroku at https://vok-sec-demo-v8.herokuapp.com.
The application uses username+password authentication, with users stored in an in-memory H2 SQL database (the User class). No view can be accessed publicly: the user must always log in first in order to see any part of the app.
There are two users pre-created by the Bootstrap class:
- The 'user' user with the password of 'user' and the role of user
- The 'admin' user with the password of 'admin' and two roles: admin and user
The MyUI is configured to show a full-screen login form (provided for us by Vaadin-on-Kotlin as the LoginForm class). The username and password are compared against the database. The User class takes advantage of the HasPassword mixin, which makes sure to store the passwords in a hashed form.

If the login succeeds, the user is then stored into the session (or, rather, the LoginManager class is stored in the session along with the currently logged-in user; this way, we can group all login/logout functionality into a single class). Then, the page is refreshed. This forces Vaadin to create a new instance of the UI. Since a non-null user is now in the session, the UI will show the application layout instead of the login form.
There are four views:
- The WelcomeView which is accessible by all logged-in users;
- The UserView which is accessible by all users with roles user and admin
- The AdminView which is accessible by users with the admin role only
- The UserProfileView which shows info about the currently logged-in user and is therefore accessible by all logged-in users.
The MyUI class contains proper logic for catching and displaying AccessRejectedExceptions, by the means of installing the proper ErrorHandler into the UI. You can check the security being enforced, simply by running the project, logging in as an admin (user admin, password admin) and clicking on the "Admin" page (or visiting the http://localhost:8080/admin link).
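The access matrix for the four views above can be modelled as a deny-by-default check. This is an added example, not code from the demo project or from vok-security: the annotations, the `checkAccess` function and the local `AccessRejectedException` are hypothetical stand-ins, and it assumes that "roles user and admin" on the UserView means holding either role.

```kotlin
// Added illustration; every name below is a local stand-in, not the vok-security API.
annotation class RequiresLogin                            // any logged-in user
annotation class RequiresRoles(vararg val anyOf: String)  // holder of at least one listed role

class AccessRejectedException(message: String) : RuntimeException(message)

data class User(val username: String, val roles: Set<String>)

@RequiresLogin class WelcomeView
@RequiresRoles("user", "admin") class UserView   // assumption: either role is enough
@RequiresRoles("admin") class AdminView
@RequiresLogin class UserProfileView
class UnannotatedView   // constructed case: a view whose author forgot to declare a rule

/** Throws AccessRejectedException unless [user] may open [view]; denies by default. */
fun checkAccess(view: Class<*>, user: User?) {
    val name = view.simpleName
    if (user == null) throw AccessRejectedException("$name: not logged in")
    val roles = view.getAnnotation(RequiresRoles::class.java)
    when {
        roles != null -> if (roles.anyOf.none { it in user.roles })
            throw AccessRejectedException("$name: ${user.username} lacks ${roles.anyOf.toList()}")
        view.getAnnotation(RequiresLogin::class.java) == null ->
            throw AccessRejectedException("$name: no access rule declared")
    }
}

fun main() {
    // Constructed users mirroring the two accounts described on this page.
    val user = User("user", setOf("user"))
    val admin = User("admin", setOf("admin", "user"))
    val views = listOf(WelcomeView::class.java, UserView::class.java, AdminView::class.java,
        UserProfileView::class.java, UnannotatedView::class.java)
    for (who in listOf(null, user, admin)) for (view in views) {
        val verdict = try {
            checkAccess(view, who); "allowed"
        } catch (e: AccessRejectedException) {
            "rejected (${e.message})"
        }
        println("${who?.username ?: "anonymous"} -> ${view.simpleName}: $verdict")
    }
}
```

The check belongs on the server at navigation time, so that typing a view's URL directly is rejected the same way as clicking a menu item.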
Visit the web module docs for more documentation on the individual project files.
Let's look at all files that this project is composed of, and what are the points where you'll add functionality:
Files | Meaning |
---|---|
build.gradle | Gradle build tool configuration files. Gradle is used to compile your app, download all dependency jars and build a war file |
gradlew, gradlew.bat, gradle/ | Gradle runtime files, so that you can build your app from command-line simply by running ./gradlew, without having to download and install Gradle distribution yourself. |
.travis.yml | Configuration file for Travis-CI which tells Travis how to build the app. Travis watches your repo; it automatically builds your app and runs all the tests after every commit. |
Procfile | Configuration file for Heroku which hosts the app. Heroku will wait for Travis to verify the build, then it will build a Tomcat bundle and run it inside of docker. |
.gitignore | Tells Git to ignore files that can be produced from your app's sources - be it files produced by Gradle, Intellij project files etc. |
web/ | The web Gradle module which will host the web application itself. You can add more Gradle modules as your project grows. Visit the web module docs for more documentation. |
The easiest way (and the recommended way) to develop Karibu-DSL-based web applications is to use Intellij IDEA Ultimate. It includes support for launching your project in any servlet container (Tomcat is recommended) and allows you to debug the code, modify the code and hot-redeploy the code into the running Tomcat instance, without having to restart Tomcat.
- First, download Tomcat and register it into your Intellij IDEA properly: https://www.jetbrains.com/help/idea/2017.1/defining-application-servers-in-intellij-idea.html
- Then just open this project in Intellij, simply by selecting File / Open... and clicking on the build.gradle file. When asked, select "Open as Project".
- You can then create a launch configuration which will launch the web module as exploded in Tomcat with Intellij: just scroll to the end of this tutorial: https://kotlinlang.org/docs/tutorials/httpservlets.html
- Start your newly created launch configuration in Debug mode. This way, you can modify the code and press Ctrl+F9 to hot-redeploy the code. This only redeploys Java code though; to redeploy resources, just press Ctrl+F10 and select "Update classes and resources".