You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been having a great deal of trouble incorporating Shared Security into my application, so I decided to restart by directly copying the configuration from the sample application. The only substantive changes I made were to make the login and logout URLs dependent on public constant Strings included on LoginUI and LoginFormView -- for example:
@SpringView(LoginFormView.NAME)
public class LoginFormView extends LoginForm implements View {
public static final String NAME = "login";
public static final String LOGOUT_NAME = "logout";
...
}
Tracing out why this didn't work uncovered the fact that the default VaadinLogoutHandler, (VaadinRedirectLogoutHandler) has a default logout-URL of "/logout". VaadinRedirectLogoutHandler simply tries to redirect to that URL (to hook into Spring Security's logout handling). Unfortunately, this default is not documented.
I can't think of any way to easily autodetect a configured logout-URL -- the associated LogoutFilter that's ordinarily constructed using the HttpSecurity builder isn't registered as a bean, I think. (And besides, LogoutFilter doesn't expose its configured URL as a property.)
At present, the only thing I can think of is to enhance the README.md documentation:
call out the assumed default logout-URL
specify that you should override the bean-definition for VaadinRedirectLogoutHandler (name = VaadinSharedSecurityConfiguration.VAADIN_LOGOUT_HANDLER_BEAN) to handle custom logout-URLs
The text was updated successfully, but these errors were encountered:
I've been having a great deal of trouble incorporating Shared Security into my application, so I decided to restart by directly copying the configuration from the sample application. The only substantive changes I made were to make the login and logout URLs dependent on public constant Strings included on LoginUI and LoginFormView -- for example:
My logout-button simply calls
VaadinSharedSecurity.logout():Tracing out why this didn't work uncovered the fact that the default
VaadinLogoutHandler, (VaadinRedirectLogoutHandler) has a default logout-URL of "/logout".VaadinRedirectLogoutHandlersimply tries to redirect to that URL (to hook into Spring Security's logout handling). Unfortunately, this default is not documented.I can't think of any way to easily autodetect a configured logout-URL -- the associated
LogoutFilterthat's ordinarily constructed using theHttpSecuritybuilder isn't registered as a bean, I think. (And besides,LogoutFilterdoesn't expose its configured URL as a property.)At present, the only thing I can think of is to enhance the README.md documentation:
VaadinRedirectLogoutHandler(name =VaadinSharedSecurityConfiguration.VAADIN_LOGOUT_HANDLER_BEAN) to handle custom logout-URLsThe text was updated successfully, but these errors were encountered: