User can access unauthorized pages in vaddin- springboot app

Multi tool use
Multi tool use









0















I created a spring-boot application with vaadin flow and spring security. I configured two roles ROLE_USER and ROLE_ADMIN and granted access to the pages as follows



.antMatchers("/user/mainmenu").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
.antMatchers("/admin/trades").access("hasRole('ROLE_ADMIN')")


Then I created buttons and put it in the main menu so that the user can navigate to the trades view clicking the button as follows (Only admin users should be able to view the page)



tradesButton.addClickListener(buttonClickEvent -> 
 getUI().ifPresent(ui -> ui.navigate("/admin/trades"));
);


But even a user only with user role can view the page when clicked. What is the reason for this??



(I've noticed that the app blocks when I put admin view url http://127.0.0.1:8080/admin/trades on address-bar and try to access it.)






spring-boot spring-security vaadin10







share|improve this question

















  • 1





    I have found a sample application from vaadin at: vaadin.com/start/lts/full-stack-spring and it has implemented the spring security in it.

    – user3717646
    Nov 20 '18 at 5:05















0















I created a spring-boot application with vaadin flow and spring security. I configured two roles ROLE_USER and ROLE_ADMIN and granted access to the pages as follows



.antMatchers("/user/mainmenu").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
.antMatchers("/admin/trades").access("hasRole('ROLE_ADMIN')")


Then I created buttons and put it in the main menu so that the user can navigate to the trades view clicking the button as follows (Only admin users should be able to view the page)



tradesButton.addClickListener(buttonClickEvent -> 
 getUI().ifPresent(ui -> ui.navigate("/admin/trades"));
);


But even a user only with user role can view the page when clicked. What is the reason for this??



(I've noticed that the app blocks when I put admin view url http://127.0.0.1:8080/admin/trades on address-bar and try to access it.)






spring-boot spring-security vaadin10







share|improve this question

















  • 1





    I have found a sample application from vaadin at: vaadin.com/start/lts/full-stack-spring and it has implemented the spring security in it.

    – user3717646
    Nov 20 '18 at 5:05













0












0








0








I created a spring-boot application with vaadin flow and spring security. I configured two roles ROLE_USER and ROLE_ADMIN and granted access to the pages as follows



.antMatchers("/user/mainmenu").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
.antMatchers("/admin/trades").access("hasRole('ROLE_ADMIN')")


Then I created buttons and put it in the main menu so that the user can navigate to the trades view clicking the button as follows (Only admin users should be able to view the page)



tradesButton.addClickListener(buttonClickEvent -> 
 getUI().ifPresent(ui -> ui.navigate("/admin/trades"));
);


But even a user only with user role can view the page when clicked. What is the reason for this??



(I've noticed that the app blocks when I put admin view url http://127.0.0.1:8080/admin/trades on address-bar and try to access it.)






spring-boot spring-security vaadin10







share|improve this question














I created a spring-boot application with vaadin flow and spring security. I configured two roles ROLE_USER and ROLE_ADMIN and granted access to the pages as follows



.antMatchers("/user/mainmenu").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
.antMatchers("/admin/trades").access("hasRole('ROLE_ADMIN')")


Then I created buttons and put it in the main menu so that the user can navigate to the trades view clicking the button as follows (Only admin users should be able to view the page)



tradesButton.addClickListener(buttonClickEvent -> 
 getUI().ifPresent(ui -> ui.navigate("/admin/trades"));
);


But even a user only with user role can view the page when clicked. What is the reason for this??



(I've noticed that the app blocks when I put admin view url http://127.0.0.1:8080/admin/trades on address-bar and try to access it.)






spring-boot spring-security vaadin10




spring-boot spring-security vaadin10






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 14 '18 at 2:38









user3717646user3717646

411210




411210







  • 1





    I have found a sample application from vaadin at: vaadin.com/start/lts/full-stack-spring and it has implemented the spring security in it.

    – user3717646
    Nov 20 '18 at 5:05












  • 1





    I have found a sample application from vaadin at: vaadin.com/start/lts/full-stack-spring and it has implemented the spring security in it.

    – user3717646
    Nov 20 '18 at 5:05







1




1





I have found a sample application from vaadin at: vaadin.com/start/lts/full-stack-spring and it has implemented the spring security in it.

– user3717646
Nov 20 '18 at 5:05





I have found a sample application from vaadin at: vaadin.com/start/lts/full-stack-spring and it has implemented the spring security in it.

– user3717646
Nov 20 '18 at 5:05












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53292407%2fuser-can-access-unauthorized-pages-in-vaddin-springboot-app%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes















draft saved

draft discarded
















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53292407%2fuser-can-access-unauthorized-pages-in-vaddin-springboot-app%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







t3WY0bGhdb,RR,PD KLJu,Mcf pKn5v2XZV2,4VC6AY9iYfjKtRNApZ Juwu7,Ht OVODC
-
yO2U,Fdt,ObRJ,v,xP5 jcndrEiAfB9 xVzIaDEVCraW,rjz5q2FXZ51WT0L1m94zl94U3ahJI

Popular posts from this blog

Top Tejano songwriter Luis Silva dead of heart attack at 64

Image
Ramiro Burr's New Blog - to go back: www.ramiroburr.com From Latin rock to reggaeton, boleros to blues,Tex-Mex to Tejano, conjunto to corridos and beyond, Ramiro Burr has it covered. If you have a new CD release, a trivia question or are looking for tour info, post a message here or e-mail Ramiro directly at: musicreporter@gmail.com Top Tejano songwriter Luis Silva dead of heart attack at 64 By Ramiro Burr on October 23, 2008 8:40 AM | Permalink | Comments (12) | TrackBacks (0) UPDATE: Luis Silva Funeral Service details released Visitation 4-9 p.m. Saturday, Rosary service 6 p.m. Saturday at Porter Loring, 1101 McCullough Ave Funeral Service 10:30 a.m. Monday St. Anthony De Padua Catholic Church, Burial Service at Chapel Hills, 7735 Gibbs Sprawl Road. Porter Loring (210) 227-8221 Related New Flash: Irma Laura Lopez: long time record promoter killed in accident NewsFlash: 9:02 a.m. (New comments below) Luis Silva , one of the most well-known ...
Read more

Can't figure out why I get Error loading static resource from app.xaml

Image
1 I having trouble getting my ResourceDictionary.MergedDictionaries to load from app.xaml. My WPF app has a static class with a Main defined and startup object set to it. Within Main I created an instance of App and run it. The override OnStartup fires and the mainwindow.cs InitializeComponent gives the error "Message "Cannot find resource named 'MaterialDesignFloatingActionMiniAccentButton'. If I put the resources in the mainwindow.xaml everything is fine, but I wanted them to load at the app level so I they are not in each page. Any help appreciated. public partial class App protected override void OnStartup(StartupEventArgs e) base.OnStartup(e); var app = new MainWindow(); var context = new MainWindowViewModel(); app.DataContext = context; app.Show(); from the Main.. var app = new App(); app.Run(); app.xaml.. <Application x:Class="GS.Server.App" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:...
Read more

How to fill missing numeric if any value in a subset is missing, all other columns with the same subset are missing

Image
up vote 2 down vote favorite There is a clear pattern that show for two separate subsets (set of columns); If one value is missing in a column, values of other columns in the same subset are missing for any row. Here is a visualization of missing data My tries up until now, I used ycimpute library to learn from other values, and applied Iterforest. I noted, score of Logistic regression is so weak (0.6) and thought Iterforest might not learn enough or anyway, except from outer subset which might not be enough? for example the subset with 11 columns might learn from the other columns but not from within it's members, and the same goes for the subset with four columns. This bar plot show better quantity of missings So of course, dealing with missings is better than dropping rows because It would affect my prediction which does contain the same missings quantity relatively. Any better way to deal with these ? [EDIT] The nullity pattern is confirmed: machine-learning cor...
Read more