mirrors
/
vaadin-framework
mirror of https://github.com/vaadin/framework.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 330 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16873 Commits
114 Branches
Branch: fix/typo
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fix/typo'
${ noResults }
vaadin-framework/documentation/articles/AccessControlForViews.asciidoc

AccessControlForViews.asciidoc 6.5KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 
  1. ---

  2. title: Access Control For Views

  3. order: 46

  4. layout: page

  5. ---

  6. 

  7. [[access-control-for-views]]

  8. Access control for views

  9. ------------------------

  10. 

  11. The Navigator API provides a simple mechanism to allow or disallow

  12. navigating to a View. Before a View is shown, each ViewChangeListener

  13. that is registered with the Navigator is given the opportunity to veto

  14. the View change.

  15. 

  16. One can also make the View itself trigger a navigation to another View

  17. in navigateTo(), but let's take a look at the more flexible

  18. beforeViewChange() and afterViewChange(), that exists specifically for

  19. this purpose.

  20. 

  21. First, let's continue from previous examples and create a MessageView

  22. for secret messages:

  23. 

  24. [source,java]

  25. ....

  26. import com.vaadin.navigator.View;

  27. import com.vaadin.ui.Label;

  28. 

  29. public class SecretView extends MessageView implements View {

  30.   public static final String NAME = "secret";

  31. 

  32.   public SecretView() {

  33.     setCaption("Private messages");

  34.     ((Layout) getContent()).addComponent(new Label("Some private stuff."));

  35.   }

  36. }

  37. ....

  38. 

  39. As you can see, there is absolutely nothing special going on here, we

  40. just customize the View enough to be able to distinguish from the

  41. regular MessageView.

  42. 

  43. Next, we'll register this new View with the Navigator, exactly as

  44. before. At this point our SecretView is not secret at all, but let's fix

  45. that by adding a ViewChangeListener to the Navigator:

  46. 

  47. [source,java]

  48. ....

  49. navigator.addViewChangeListener(new ViewChangeListener() {

  50. 

  51.   @Override

  52.   public boolean beforeViewChange(ViewChangeEvent event) {

  53.     if (event.getNewView() instanceof SecretView &&

  54.     ((NavigationtestUI)UI.getCurrent()).getLoggedInUser() == null) {

  55.       Notification.show("Permission denied", Type.ERROR_MESSAGE);

  56.       return false;

  57.     } else {

  58.       return true;

  59.     }

  60.   }

  61. 

  62.   @Override

  63.   public void afterViewChange(ViewChangeEvent event) {

  64.   }

  65. 

  66. });

  67. ....

  68. 

  69. So if we're on our way to the SecretView, but not logged in

  70. (getLoggedInUser() == null), the View change is cancelled. Quite simple

  71. rules in our case, but you could check anything - most probably you'll

  72. want to call a helper method that checks the user for permission.

  73. 

  74. Let's go ahead and add some links to the MainView again, so that we

  75. don't have to muck with the address-bar to try it out:

  76. 

  77. [source,java]

  78. ....

  79. import com.vaadin.navigator.View;

  80. import com.vaadin.navigator.ViewChangeListener.ViewChangeEvent;

  81. import com.vaadin.server.ExternalResource;

  82. import com.vaadin.ui.Button;

  83. import com.vaadin.ui.Button.ClickEvent;

  84. import com.vaadin.ui.Link;

  85. import com.vaadin.ui.Panel;

  86. import com.vaadin.ui.UI;

  87. import com.vaadin.ui.VerticalLayout;

  88. 

  89. public class MainView extends Panel implements View {

  90. 

  91.     public static final String NAME = "";

  92. 

  93.     public MainView() {

  94. 

  95.         VerticalLayout layout = new VerticalLayout();

  96. 

  97.         Link lnk = new Link("Count", new ExternalResource("#!" + CountView.NAME));

  98.         layout.addComponent(lnk);

  99. 

  100.         lnk = new Link("Message: Hello", new ExternalResource("#!"

  101.                 + MessageView.NAME + "/Hello"));

  102.         layout.addComponent(lnk);

  103. 

  104.         lnk = new Link("Message: Bye", new ExternalResource("#!"

  105.                 + MessageView.NAME + "/Bye/Goodbye"));

  106.         layout.addComponent(lnk);

  107. 

  108.         lnk = new Link("Private message: Secret", new ExternalResource("#!"

  109.                 + SecretView.NAME + "/Secret"));

  110.         layout.addComponent(lnk);

  111. 

  112.         lnk = new Link("Private message: Topsecret", new ExternalResource("#!"

  113.                 + SecretView.NAME + "/Topsecret"));

  114.         layout.addComponent(lnk);

  115. 

  116.         // login/logout toggle so we can test this

  117.         Button logInOut = new Button("Toggle login",

  118.                 new Button.ClickListener() {

  119.                     public void buttonClick(ClickEvent event) {

  120.                         Object user = ((NavigationtestUI)UI.getCurrent()).getLoggedInUser();

  121.                         ((NavigationtestUI)UI.getCurrent()).setLoggedInUser(

  122.                                 user == null ? "Smee" : null);

  123.                     }

  124.                 });

  125.         layout.addComponent(logInOut);

  126.         setContent(layout);

  127.     }

  128. 

  129.     @Override

  130.     public void enter(ViewChangeEvent event) {

  131.     }

  132. }

  133. ....

  134. 

  135. Instead of just showing a notification and leaving the user wondering,

  136. we should obviously allow the user to log in and continue. We'll do just

  137. that in the separate tutorial about Handling login, but for now we just

  138. add a button that toggles our logged in/out state.

  139. 

  140. Meanwhile, here is the the full source for the UI so far:

  141. 

  142. [source,java]

  143. ....

  144. import com.vaadin.navigator.Navigator;

  145. import com.vaadin.navigator.ViewChangeListener;

  146. import com.vaadin.server.VaadinRequest;

  147. import com.vaadin.ui.Notification;

  148. import com.vaadin.ui.Notification.Type;

  149. import com.vaadin.ui.UI;

  150. 

  151. public class NavigationtestUI extends UI {

  152. 

  153.     Navigator navigator;

  154. 

  155.     String loggedInUser;

  156. 

  157.     @Override

  158.     public void init(VaadinRequest request) {

  159.         // Create Navigator, make it control the ViewDisplay

  160.         navigator = new Navigator(this, this);

  161. 

  162.         // Add some Views

  163.         navigator.addView(MainView.NAME, new MainView()); // no fragment

  164. 

  165.         // #!count will be a new instance each time we navigate to it, counts:

  166.         navigator.addView(CountView.NAME, CountView.class);

  167. 

  168.         // #!message adds a label with whatever it receives as a parameter

  169.         navigator.addView(MessageView.NAME, new MessageView());

  170. 

  171.         // #!secret works as #!message, but you need to be logged in

  172.         navigator.addView(SecretView.NAME, new SecretView());

  173. 

  174.         // we'll handle permissions with a listener here, you could also do

  175.         // that in the View itself.

  176. 

  177.         navigator.addViewChangeListener(new ViewChangeListener() {

  178. 

  179.             @Override

  180.             public boolean beforeViewChange(ViewChangeEvent event) {

  181.                 if (event.getNewView() instanceof SecretView

  182.                         && ((NavigationtestUI)UI.getCurrent()).getLoggedInUser() == null) {

  183.                     Notification.show("Permission denied", Type.ERROR_MESSAGE);

  184.                     return false;

  185.                 } else {

  186.                     return true;

  187.                 }

  188.             }

  189. 

  190.             @Override

  191.             public void afterViewChange(ViewChangeEvent event) {

  192.                 System.out.println("After view change");

  193.             }

  194. 

  195.         });

  196.     }

  197. 

  198.     public String getLoggedInUser(){

  199.          return loggedInUser;

  200.     }

  201. 

  202.     public void setLoggedInUser(String user){

  203.          loggedInUser = user;

  204.    }

  205. }

  206. ....