Spring Boot Vaadin flavored Apache Shiro demo app

NCIDevRonR · May 13, 2024, 4:16pm

I have successfully implemented a Spring Boot Vaadin flavored Apache Shiro demo app which mimics Apache’s Shiro demo app which they developed in Spring Boot ThymeLeaf. It took a little doing and some hair pulling, so maybe this example wiull save someone a bit of hassle. Here it is.

Tatu2 · May 14, 2024, 12:04pm

I have an improvement idea for you, use Servlet API to change Session id here after login

github.com

NCIDevRonR/pub-vdn-shiro-demo-repo/blob/main/vdn-sb-shiro-sample/src/main/java/org/vaadin/example/shiro/ShiroSvc.java#L101


      
          
          public String getErrorMsg() {
              return errorMsg;
          }
          
          public void login(String username, String password) {
              Subject currentUser = SecurityUtils.getSubject();
              if (!currentUser.isAuthenticated()) {
                  UsernamePasswordToken token = new UsernamePasswordToken(username, password);
                  try {
                      currentUser.login(token);
                  } catch (AuthenticationException a) {
                      //Notify the subject that the login has failed.
                      Notification.show("Login failed!");
                  }
              }
          }
          
          public void logout() {
              Subject currentUser = SecurityUtils.getSubject();
              currentUser.logout();

As this is a missing feature in Shiro, see:

https://issues.apache.org/jira/browse/SHIRO-170

Spring Security is different and does this for you automatically.

NCIDevRonR · May 16, 2024, 4:23pm

Thank you for this suggestion, and the thought which went into it.

I followed the link, and implemented the change as described, but it screwed up my screen flow in this very basic app.

In my team’s private repo for this app, I have created a separate branch for this fix, and will see how my team wishes to proceed.