Rework security to use Vaadin 22's AccessAnnotationChecker

mvysny / vaadin-on-kotlin

Writing full-stack statically-typed web apps on JVM at its simplest

https://www.vaadinonkotlin.eu/

MIT License

186 stars 17 forks source link

Rework security to use Vaadin 22's AccessAnnotationChecker #71

Closed mvysny closed 2 years ago

mvysny commented 2 years ago

In Vaadin 21+ there's the AccessAnnotationChecker class and the ViewAccessChecker class which helps with LoginView and uses a simple role-based security based on javax.annotation.security.RolesAllowed annotations.

VoK should drop its own annotations and use the abovementioned classes, to reuse a lot of tested code.

Namely:

eu.vaadinonkotlin.security.AllowAll is replaced by Vaadin 21+'s com.vaadin.flow.server.auth.AnonymousAllowed.

mvysny commented 2 years ago

The AccessAnnotationChecker is not present in Vaadin 14 LTS, therefore this ticket is blocked by #72 .

However, what we can do is to drop the eu.vaadinonkotlin.security.* annotations in favor of javax.annotation.security.* annotations. Blocked by #73

mvysny commented 2 years ago

Note to also update README.md and security.md documentation.