Tags: spring-boot, session, spring-security, vaadin, multi-user

Vaadin multi user session management


I am creating a Vaadin application with spring-boot and spring-security. There are some GUI elements that can be modified. How can I accomplish that a user gets its own view on this? The problem, which I thought was already handled by the frameworks, is that when a different user logs in, he sees the modifications of the first user.

I want to use VaadinSessions or anything like this to let multiple users, at the same time, modify their own exclusive views.

I don't know what to do. I tried adding to the Layout:

 @VaadinSessionScope

My naive approach looks like this: handle the different users / sessions in my own map. But the more I think about this solution, the more I am asking myself why not use these features from the framework. How do I separate the views / users?

This is the top of my view class:

@PageTitle("ACME")
@Theme(value = Lumo.class, variant = Lumo.LIGHT)
@Route
@VaadinSessionScope
public class ACMEView extends VerticalLayout {

Solution

  • Vaadin works in the opposite way. If you define e.g. a view component class with @Route, then there will be a separate instance for every user when they are navigated to that view. It actually even goes further than that - if the user has the same view open in multiple browser tabs, then they will have multiple instances of that component class.

    You need to make a separation between components and the data. If you put @VaadinSessionScope on a component class, then every user will have its own instance of that component. Users would be isolated from each other but it would still cause problems if the user has multiple browser tabs open. For this reason, you should almost always avoid scope annotations on component classes.

    The reason multiple users see the same data is that the data is shared, regardless of the component instances. That's based on how you're configuring those components, rather than based on the life cycle of the components themselves. In the case of Grid, that's about what you're passing into the setDataProvider or setItems method. I suspect your data is either stored in a static field somewhere or in a separate Spring bean that has a wider scope (the default scope in Spring is singleton). You might want to apply @VaadinSessionScope to the bean that holds the data rather than on the component class that holds the component's own configuration.
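The separation described in the answer, as an added example that is not part of the original post: the session scope goes on the bean that holds the data, and the view carries no scope annotation. The names `UserNotes`, `NotesView` and the `notes` route are hypothetical; the sketch assumes a Vaadin Flow project with the Vaadin Spring add-on on the classpath.

```java
// Added example (file NotesView.java); UserNotes and NotesView are hypothetical names.
import com.vaadin.flow.component.button.Button;
import com.vaadin.flow.component.grid.Grid;
import com.vaadin.flow.component.orderedlayout.VerticalLayout;
import com.vaadin.flow.component.textfield.TextField;
import com.vaadin.flow.router.Route;
import com.vaadin.flow.spring.annotation.SpringComponent;
import com.vaadin.flow.spring.annotation.VaadinSessionScope;

import java.util.ArrayList;
import java.util.List;

// Data holder: one instance per VaadinSession, shared by all tabs of that session.
// Without @VaadinSessionScope this bean would use Spring's default singleton
// scope, and every logged-in user would read and write the same list.
@SpringComponent
@VaadinSessionScope
class UserNotes {
    private final List<String> notes = new ArrayList<>();

    synchronized void add(String note) {
        notes.add(note);
    }

    // Hand out a copy so callers never hold the internal list.
    synchronized List<String> snapshot() {
        return new ArrayList<>(notes);
    }
}

// View: no scope annotation. Vaadin creates a fresh instance for each
// navigation, and Spring injects the current session's UserNotes.
@Route("notes")
public class NotesView extends VerticalLayout {

    public NotesView(UserNotes userNotes) {
        Grid<String> grid = new Grid<>();
        grid.addColumn(note -> note).setHeader("Note");
        grid.setItems(userNotes.snapshot());

        TextField input = new TextField("New note");
        Button addButton = new Button("Add", click -> {
            userNotes.add(input.getValue());
            grid.setItems(userNotes.snapshot()); // refresh from this session's data only
            input.clear();
        });
        add(input, addButton, grid);
    }
}
```

A quick isolation check is to log in as two different users in separate browser profiles and confirm that a note added by one never appears in the other's grid.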