Using the path info part and parameters, you can already implement a mechanism that routes a request to a specific component, similarly to what a front controller does in a request/response-based framework. For example:
public class FrontController {
public static void route(VaadinRequest request,
SingleComponentContainer container) {
String path = request.getPathInfo();
if ("users".equals(path)) {
container.setContent(new UsersComponent());
} else if ("orders".equals(path)) {
container.setContent(new OrdersComponent());
} else { ... }
}
}
And the corresponding UI implementation could look like this:
public class VaadinUI extends UI {
@Override
protected void init(VaadinRequest request) {
FrontController.route(request, this);
}
}
The FrontController class can invoke any authorization logic in order to decide whether the current user can see a UI component or not before routing the request to a UI component. For example:
public class FrontController {
public static void route(VaadinRequest request,
SingleComponentContainer container) {
String path = request.getPathInfo();
if (!AuthService.userCanAccess(path)) {
container.setContent(new ErrorComponent(
"Access denied."));
return;
}
...
}
}
The AuthService.userCanAccess method can be implemented in various ways:
- A set of if/else statements checking each path/role combination
- A check on a Java Map where each key is a path and each value is a Set of the allowed roles for that path
- A check with an external resource (such as an SQL database, web service, or properties file)
- An algorithm combining the previous alternatives
Implementing each of these solutions would take too much space in the book, and it's also more related to Java than Vaadin itself, so I'll let you decide how to implement this method.