现在,我正在准备 Vaadin 23.2.5 应用程序进行生产,并且经常在重新部署应用程序后无法完全重新加载自身,并在顶部挂有蓝色的进度条。
我可能看到的唯一问题是浏览器控制台中的以下 JS 问题:
FireFox
Chrome
另外,根据我之前关于此主题的问题 - 我从应用程序中完全删除了网格组件,但正如您所看到的 - 问题仍然存在。如何解决这个问题?
UPDATED
我的配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends VaadinWebSecurityConfigurerAdapter {
private final ClientRegistrationRepository clientRegistrationRepository;
private final GrantedAuthoritiesMapper authoritiesMapper;
private final ProfileService profileService;
SecurityConfiguration(ClientRegistrationRepository clientRegistrationRepository,
GrantedAuthoritiesMapper authoritiesMapper, ProfileService profileService) {
this.clientRegistrationRepository = clientRegistrationRepository;
this.authoritiesMapper = authoritiesMapper;
this.profileService = profileService;
SecurityContextHolder.setStrategyName(VaadinAwareSecurityContextHolderStrategy.class.getName());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
// Enable OAuth2 login
.oauth2Login(oauth2Login ->
oauth2Login
.clientRegistrationRepository(clientRegistrationRepository)
.userInfoEndpoint(userInfoEndpoint ->
userInfoEndpoint
// Use a custom authorities mapper to get the roles from the identity provider into the Authentication token
.userAuthoritiesMapper(authoritiesMapper)
)
// Use a Vaadin aware authentication success handler
.successHandler(new KeycloakVaadinAuthenticationSuccessHandler(profileService))
)
// Configure logout
.logout(logout ->
logout
// Enable OIDC logout (requires that we use the 'openid' scope when authenticating)
.logoutSuccessHandler(logoutSuccessHandler())
// When CSRF is enabled, the logout URL normally requires a POST request with the CSRF
// token attached. This makes it difficult to perform a logout from within a Vaadin
// application (since Vaadin uses its own CSRF tokens). By changing the logout endpoint
// to accept GET requests, we can redirect to the logout URL from within Vaadin.
.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
);
}
@Bean
@Primary
public SpringViewAccessChecker springViewAccessChecker(AccessAnnotationChecker accessAnnotationChecker) {
return new KeycloakSpringViewAccessChecker(accessAnnotationChecker, "/oauth2/authorization/keycloak");
}
private OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler() {
var logoutSuccessHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
logoutSuccessHandler.setPostLogoutRedirectUri("{baseUrl}");
return logoutSuccessHandler;
}
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
// Don't apply security rules on our static pages
web.ignoring().antMatchers("/session-expired", "/images/*");
}
@Bean
public PolicyFactory htmlSanitizer() {
// This is the policy we will be using to sanitize HTML input
return Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.STYLES).and(Sanitizers.LINKS);
}
}
@Component
class VaadinSessionConfiguration implements VaadinServiceInitListener, SystemMessagesProvider, SessionDestroyListener {
private final String relativeSessionExpiredUrl;
VaadinSessionConfiguration(ServerProperties serverProperties) {
relativeSessionExpiredUrl = UriComponentsBuilder.fromPath(serverProperties.getServlet().getContextPath()).path("logout").build().toUriString();
}
@Override
public SystemMessages getSystemMessages(SystemMessagesInfo systemMessagesInfo) {
var messages = new CustomizedSystemMessages();
// Redirect to a specific screen when the session expires. In this particular case we don't want to logout
// just yet. If you would like the user to be completely logged out when the session expires, this URL
// should the logout URL.
messages.setSessionExpiredURL(relativeSessionExpiredUrl);
return messages;
}
@Override
public void sessionDestroy(SessionDestroyEvent event) {
// We also want to destroy the underlying HTTP session since it is the one that contains the authentication
// token.
try {
event.getSession().getSession().invalidate();
} catch (Exception ignore) {
// Session was probably already invalidated.
}
}
@Override
public void serviceInit(ServiceInitEvent event) {
event.getSource().setSystemMessagesProvider(this);
event.getSource().addSessionDestroyListener(this);
}
}
public final class VaadinAwareSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
private final ThreadLocal<SecurityContext> contextHolder = new ThreadLocal<>();
@Override
public void clearContext() {
contextHolder.remove();
}
@Override
@NonNull
public SecurityContext getContext() {
var context = contextHolder.get();
if (context == null) {
context = getFromVaadinSession().orElseGet(() -> {
var newCtx = createEmptyContext();
// This copies the behaviour of ThreadLocalSecurityContextHolder.
contextHolder.set(newCtx);
return newCtx;
});
}
return context;
}
@NonNull
private Optional<SecurityContext> getFromVaadinSession() {
// Don't store this security context in the ThreadLocal as that may lead to the context leaking
// into other sessions as threads may be reused.
var session = VaadinSession.getCurrent();
if (session == null) {
return Optional.empty();
}
var securityContext = session.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
if (securityContext instanceof SecurityContext) {
return Optional.of((SecurityContext) securityContext);
} else {
return Optional.empty();
}
}
@Override
public void setContext(@NonNull SecurityContext securityContext) {
contextHolder.set(requireNonNull(securityContext));
}
@Override
@NonNull
public SecurityContext createEmptyContext() {
return new SecurityContextImpl();
}
}
更新1
None
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
