Spring Security Helper compatibility with exported WebComponents

[fluorumlabs]

As a developer I would like to use Spring Security in my Fusion app which happens to use exported webcomponents. Do we have integration tests for that? I suspect that access to /web-component/web-component-bootstrap.js would be denied by Spring Security, but I might be wrong.

Should the user be able to specify access permissions for exported web components?

[pleku]

Can you open a bit what do you mean with

I would like to use Spring Security in my Fusion app which happens to use exported webcomponents

So that there are exported flow web components placed inside the fusion views ? Or that there is a fusion-flow hybrid app ? This should be supported and tested, but I cannot say if it has ITs.

I'd like to point out that routing is not even supported for exported flow applications (web components), so naturally view based access control would not be either.

[fluorumlabs]

So that there are exported flow web components placed inside the fusion views ?

Yes.

I also have some memories that someone managed once to use exported web component inside Flow, but I might be wrong.

No doubts that view access checker doesn't relate to exported web components anyhow. Updated the (misleading) issue title.

[pleku]

Ok. I think it should be clarified for spring security helpers on how to enable this (?), but apparently that is not the only issue you will face: vaadin/hilla#320 vaadin/hilla#240

To me it looks like this is something that "has been experimented with but is not documented or supported properly" and now Spring security configuration would add more complexity to the feature, if it was done at some point.

Anyway, FYI to the POs that this is another thing that is not supported between embedding flow parts into fusion apps. @gilberto-torrezan @mstahv