mirrors
/
vaadin-framework
mirror of https://github.com/vaadin/framework.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 329 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19188 Commits
114 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
vaadin-framework/documentation/articles/AccessControlForViews.asciidoc

AccessControlForViews.asciidoc 6.3KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205 
  1. ---

  2. title: Access Control For Views

  3. order: 2

  4. layout: page

  5. ---

  6. 

  7. [[access-control-for-views]]

  8. = Access control for views

  9. 

  10. The Navigator API provides a simple mechanism to allow or disallow

  11. navigating to a View. Before a View is shown, each ViewChangeListener

  12. that is registered with the Navigator is given the opportunity to veto

  13. the View change.

  14. 

  15. One can also make the View itself trigger a navigation to another View

  16. in navigateTo(), but let's take a look at the more flexible

  17. beforeViewChange() and afterViewChange(), that exists specifically for

  18. this purpose.

  19. 

  20. First, let's continue from previous examples and create a MessageView

  21. for secret messages:

  22. 

  23. [source,java]

  24. ....

  25. import com.vaadin.navigator.View;

  26. import com.vaadin.ui.Label;

  27. 

  28. public class SecretView extends MessageView implements View {

  29.   public static final String NAME = "secret";

  30. 

  31.   public SecretView() {

  32.     setCaption("Private messages");

  33.     ((Layout) getContent()).addComponent(new Label("Some private stuff."));

  34.   }

  35. }

  36. ....

  37. 

  38. As you can see, there is absolutely nothing special going on here, we

  39. just customize the View enough to be able to distinguish from the

  40. regular MessageView.

  41. 

  42. Next, we'll register this new View with the Navigator, exactly as

  43. before. At this point our SecretView is not secret at all, but let's fix

  44. that by adding a ViewChangeListener to the Navigator:

  45. 

  46. [source,java]

  47. ....

  48. navigator.addViewChangeListener(new ViewChangeListener() {

  49. 

  50.   @Override

  51.   public boolean beforeViewChange(ViewChangeEvent event) {

  52.     if (event.getNewView() instanceof SecretView &&

  53.     ((NavigationtestUI)UI.getCurrent()).getLoggedInUser() == null) {

  54.       Notification.show("Permission denied", Type.ERROR_MESSAGE);

  55.       return false;

  56.     } else {

  57.       return true;

  58.     }

  59.   }

  60. 

  61.   @Override

  62.   public void afterViewChange(ViewChangeEvent event) {

  63.   }

  64. 

  65. });

  66. ....

  67. 

  68. So if we're on our way to the SecretView, but not logged in

  69. (getLoggedInUser() == null), the View change is cancelled. Quite simple

  70. rules in our case, but you could check anything - most probably you'll

  71. want to call a helper method that checks the user for permission.

  72. 

  73. Let's go ahead and add some links to the MainView again, so that we

  74. don't have to muck with the address-bar to try it out:

  75. 

  76. [source,java]

  77. ....

  78. import com.vaadin.navigator.View;

  79. import com.vaadin.navigator.ViewChangeListener.ViewChangeEvent;

  80. import com.vaadin.server.ExternalResource;

  81. import com.vaadin.ui.Button;

  82. import com.vaadin.ui.Button.ClickEvent;

  83. import com.vaadin.ui.Link;

  84. import com.vaadin.ui.Panel;

  85. import com.vaadin.ui.UI;

  86. import com.vaadin.ui.VerticalLayout;

  87. 

  88. public class MainView extends Panel implements View {

  89. 

  90.     public static final String NAME = "";

  91. 

  92.     public MainView() {

  93. 

  94.         VerticalLayout layout = new VerticalLayout();

  95. 

  96.         Link lnk = new Link("Count", new ExternalResource("#!" + CountView.NAME));

  97.         layout.addComponent(lnk);

  98. 

  99.         lnk = new Link("Message: Hello", new ExternalResource("#!"

  100.                 + MessageView.NAME + "/Hello"));

  101.         layout.addComponent(lnk);

  102. 

  103.         lnk = new Link("Message: Bye", new ExternalResource("#!"

  104.                 + MessageView.NAME + "/Bye/Goodbye"));

  105.         layout.addComponent(lnk);

  106. 

  107.         lnk = new Link("Private message: Secret", new ExternalResource("#!"

  108.                 + SecretView.NAME + "/Secret"));

  109.         layout.addComponent(lnk);

  110. 

  111.         lnk = new Link("Private message: Topsecret", new ExternalResource("#!"

  112.                 + SecretView.NAME + "/Topsecret"));

  113.         layout.addComponent(lnk);

  114. 

  115.         // login/logout toggle so we can test this

  116.         Button logInOut = new Button("Toggle login",

  117.                 new Button.ClickListener() {

  118.                     public void buttonClick(ClickEvent event) {

  119.                         Object user = ((NavigationtestUI)UI.getCurrent()).getLoggedInUser();

  120.                         ((NavigationtestUI)UI.getCurrent()).setLoggedInUser(

  121.                                 user == null ? "Smee" : null);

  122.                     }

  123.                 });

  124.         layout.addComponent(logInOut);

  125.         setContent(layout);

  126.     }

  127. 

  128.     @Override

  129.     public void enter(ViewChangeEvent event) {

  130.     }

  131. }

  132. ....

  133. 

  134. Instead of just showing a notification and leaving the user wondering,

  135. we should obviously allow the user to log in and continue. We'll do just

  136. that in the separate tutorial about Handling login, but for now we just

  137. add a button that toggles our logged in/out state.

  138. 

  139. Meanwhile, here is the the full source for the UI so far:

  140. 

  141. [source,java]

  142. ....

  143. import com.vaadin.navigator.Navigator;

  144. import com.vaadin.navigator.ViewChangeListener;

  145. import com.vaadin.server.VaadinRequest;

  146. import com.vaadin.ui.Notification;

  147. import com.vaadin.ui.Notification.Type;

  148. import com.vaadin.ui.UI;

  149. 

  150. public class NavigationtestUI extends UI {

  151. 

  152.     Navigator navigator;

  153. 

  154.     String loggedInUser;

  155. 

  156.     @Override

  157.     public void init(VaadinRequest request) {

  158.         // Create Navigator, make it control the ViewDisplay

  159.         navigator = new Navigator(this, this);

  160. 

  161.         // Add some Views

  162.         navigator.addView(MainView.NAME, new MainView()); // no fragment

  163. 

  164.         // #count will be a new instance each time we navigate to it, counts:

  165.         navigator.addView(CountView.NAME, CountView.class);

  166. 

  167.         // #message adds a label with whatever it receives as a parameter

  168.         navigator.addView(MessageView.NAME, new MessageView());

  169. 

  170.         // #secret works as #message, but you need to be logged in

  171.         navigator.addView(SecretView.NAME, new SecretView());

  172. 

  173.         // we'll handle permissions with a listener here, you could also do

  174.         // that in the View itself.

  175. 

  176.         navigator.addViewChangeListener(new ViewChangeListener() {

  177. 

  178.             @Override

  179.             public boolean beforeViewChange(ViewChangeEvent event) {

  180.                 if (event.getNewView() instanceof SecretView

  181.                         && ((NavigationtestUI)UI.getCurrent()).getLoggedInUser() == null) {

  182.                     Notification.show("Permission denied", Type.ERROR_MESSAGE);

  183.                     return false;

  184.                 } else {

  185.                     return true;

  186.                 }

  187.             }

  188. 

  189.             @Override

  190.             public void afterViewChange(ViewChangeEvent event) {

  191.                 System.out.println("After view change");

  192.             }

  193. 

  194.         });

  195.     }

  196. 

  197.     public String getLoggedInUser(){

  198.          return loggedInUser;

  199.     }

  200. 

  201.     public void setLoggedInUser(String user){

  202.          loggedInUser = user;

  203.    }

  204. }

  205. ....