feat: Document VaadinSecurityConfigurer

articles/building-apps/security/add-login/flow.adoc

@@ -31,7 +31,7 @@ public class LoginView extends Main implements BeforeEnterObserver {
     private final LoginForm login;
 
     public LoginView() {
-        addClassNames(LumoUtility.Display.FLEX, LumoUtility.JustifyContent.CENTER, 
+        addClassNames(LumoUtility.Display.FLEX, LumoUtility.JustifyContent.CENTER,
             LumoUtility.AlignItems.CENTER);
         setSizeFull();
         login = new LoginForm();
@@ -65,9 +65,37 @@ If your application's root package is `com.example.application`, place the login
 
 To instruct Spring Security to use your login view, modify your security configuration:
 
-.SecurityConfig.java
+[.example]
+--
+
+.`SecurityConfig.java`
+[source,java]
+----
+<source-info group="VaadinSecurityConfigurer"></source-info>
+@EnableWebSecurity
+@Configuration
+@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
+class SecurityConfig {
+
+    @Bean
+    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        // Configure Vaadin's security using VaadinSecurityConfigurer
+        http.with(VaadinSecurityConfigurer.vaadin(), configurer -> {
+// tag::snippet[]
+            configurer.loginView(LoginView.class);
+// end::snippet[]
+        });
+
+        return http.build();
+    }
+    ...
+}
+----
+
+.`SecurityConfig.java`
 [source,java]
 ----
+<source-info group="VaadinWebSecurity (deprecated since V24.9)"></source-info>
 @EnableWebSecurity
 @Configuration
 class SecurityConfig extends VaadinWebSecurity {
@@ -83,6 +111,8 @@ class SecurityConfig extends VaadinWebSecurity {
 }
 ----
 
+--
+
 Now, when a user tries to access the application, they'll be redirected to the login page.
 
 [IMPORTANT]
@@ -130,9 +160,62 @@ Create a new package: [packagename]`[application package].security`
 
 Inside this package, create a [classname]`SecurityConfig` class:
 
-.SecurityConfig.class
+[.example]
+--
+
+.`SecurityConfig.java`
+[source,java]
+----
+<source-info group="VaadinSecurityConfigurer"></source-info>
+import com.vaadin.flow.spring.security.VaadinSecurityConfigurer;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.provisioning.UserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import com.vaadin.flow.spring.security.VaadinAwareSecurityContextHolderStrategyConfiguration;
+
+@EnableWebSecurity
+@Configuration
+@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
+class SecurityConfig {
+
+    @Bean
+    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        // Configure Vaadin's security using VaadinSecurityConfigurer
+        http.with(VaadinSecurityConfigurer.vaadin(), configurer -> {
+            configurer.loginView(LoginView.class);
+        });
+
+        return http.build();
+    }
+
+    @Bean
+    public UserDetailsManager userDetailsManager() {
+        LoggerFactory.getLogger(SecurityConfig.class)
+            .warn("Using in-memory user details manager!");
+        var user = User.withUsername("user")
+                .password("{noop}user")
+                .roles("USER")
+                .build();
+        var admin = User.withUsername("admin")
+                .password("{noop}admin")
+                .roles("ADMIN")
+                .build();
+        return new InMemoryUserDetailsManager(user, admin);
+    }
+}
+----
+
+.`SecurityConfig.java`
 [source,java]
 ----
+<source-info group="VaadinWebSecurity (deprecated since V24.9)"></source-info>
 import com.vaadin.flow.spring.security.VaadinWebSecurity;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
@@ -168,6 +251,9 @@ class SecurityConfig extends VaadinWebSecurity {
     }
 }
 ----
+
+--
+
 ====
 
 
@@ -198,8 +284,8 @@ public class LoginView extends Main implements BeforeEnterObserver {
     private final LoginForm login;
 
     public LoginView() {
-        addClassNames(LumoUtility.Display.FLEX, 
-            LumoUtility.JustifyContent.CENTER, 
+        addClassNames(LumoUtility.Display.FLEX,
+            LumoUtility.JustifyContent.CENTER,
             LumoUtility.AlignItems.CENTER);
         setSizeFull();
         login = new LoginForm();
@@ -226,9 +312,37 @@ public class LoginView extends Main implements BeforeEnterObserver {
 ====
 Modify [classname]`SecurityConfig` to reference the `LoginView`:
 
-.SecurityConfig.java
+[.example]
+--
+
+.`SecurityConfig.java`
 [source,java]
 ----
+<source-info group="VaadinSecurityConfigurer"></source-info>
+@EnableWebSecurity
+@Configuration
+@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
+class SecurityConfig {
+
+    @Bean
+    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        // Configure Vaadin's security using VaadinSecurityConfigurer
+        http.with(VaadinSecurityConfigurer.vaadin(), configurer -> {
+// tag::snippet[]
+            configurer.loginView(LoginView.class);
+// end::snippet[]
+        });
+
+        return http.build();
+    }
+    ...
+}
+----
+
+.`SecurityConfig.java`
+[source,java]
+----
+<source-info group="VaadinWebSecurity (deprecated since V24.9)"></source-info>
 @EnableWebSecurity
 @Configuration
 class SecurityConfig extends VaadinWebSecurity {
@@ -243,6 +357,8 @@ class SecurityConfig extends VaadinWebSecurity {
     ...
 }
 ----
+
+--
 ====
 
 

articles/building-apps/security/add-login/hilla.adoc

@@ -56,7 +56,7 @@ Vaadin does not provide a built-in user information type, so you need to define
 [source,java]
 ----
 public record UserInfo(
-    @NonNull String name, 
+    @NonNull String name,
     @NonNull Collection<String> authorities
 ) {
 }
@@ -155,9 +155,37 @@ Spring Security's *form login* mechanism automatically processes authentication
 
 To instruct Spring Security to use your login view, modify your security configuration:
 
-.SecurityConfig.java
+[.example]
+--
+
+.`SecurityConfig.java`
 [source,java]
 ----
+<source-info group="VaadinSecurityConfigurer"></source-info>
+@EnableWebSecurity
+@Configuration
+@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
+class SecurityConfig {
+
+    @Bean
+    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        // Configure Vaadin's security using VaadinSecurityConfigurer
+        http.with(VaadinSecurityConfigurer.vaadin(), configurer -> {
+// tag::snippet[]
+            configurer.loginView("/login");
+// end::snippet[]
+        });
+
+        return http.build();
+    }
+    ...
+}
+----
+
+.`SecurityConfig.java`
+[source,java]
+----
+<source-info group="VaadinWebSecurity (deprecated since V24.9)"></source-info>
 @EnableWebSecurity
 @Configuration
 class SecurityConfig extends VaadinWebSecurity {
@@ -173,6 +201,7 @@ class SecurityConfig extends VaadinWebSecurity {
 }
 ----
 
+--
 Now, when a user tires to access a protected view, they'll be redirected to the login page.
 
 [IMPORTANT]
@@ -220,9 +249,62 @@ Create a new package: [packagename]`[application package].security`
 
 Inside this package, create a [classname]`SecurityConfig` class:
 
-.SecurityConfig.class
+[.example]
+--
+
+.`SecurityConfig.java`
+[source,java]
+----
+<source-info group="VaadinSecurityConfigurer"></source-info>
+import com.vaadin.flow.spring.security.VaadinSecurityConfigurer;
+import com.vaadin.flow.spring.security.VaadinAwareSecurityContextHolderStrategyConfiguration;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.provisioning.UserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@EnableWebSecurity
+@Configuration
+@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
+class SecurityConfig {
+
+    @Bean
+    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        // Configure Vaadin's security using VaadinSecurityConfigurer
+        http.with(VaadinSecurityConfigurer.vaadin(), configurer -> {
+            configurer.loginView("/login");
+        });
+
+        return http.build();
+    }
+
+    @Bean
+    public UserDetailsManager userDetailsManager() {
+        LoggerFactory.getLogger(SecurityConfig.class)
+            .warn("Using in-memory user details manager!");
+        var user = User.withUsername("user")
+                .password("{noop}user")
+                .roles("USER")
+                .build();
+        var admin = User.withUsername("admin")
+                .password("{noop}admin")
+                .roles("ADMIN")
+                .build();
+        return new InMemoryUserDetailsManager(user, admin);
+    }
+}
+----
+
+.`SecurityConfig.java`
 [source,java]
 ----
+<source-info group="VaadinWebSecurity (deprecated since V24.9)"></source-info>
 import com.vaadin.flow.spring.security.VaadinWebSecurity;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
@@ -258,6 +340,8 @@ class SecurityConfig extends VaadinWebSecurity {
     }
 }
 ----
+
+--
 ====
 
 
@@ -274,7 +358,7 @@ Inside this package, create a [recordname]`UserInfo` record:
 import org.jspecify.annotations.NonNull;
 import java.util.Collection;
 
-public record UserInfo(@NonNull String name, 
+public record UserInfo(@NonNull String name,
                        @NonNull Collection<String> authorities) {
 }
 
@@ -390,9 +474,37 @@ export default function LoginView() {
 ====
 Modify [classname]`SecurityConfig` to reference the new login view:
 
-.SecurityConfig.java
+[.example]
+--
+
+.`SecurityConfig.java`
 [source,java]
 ----
+<source-info group="VaadinSecurityConfigurer"></source-info>
+@EnableWebSecurity
+@Configuration
+@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
+class SecurityConfig {
+
+    @Bean
+    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        // Configure Vaadin's security using VaadinSecurityConfigurer
+        http.with(VaadinSecurityConfigurer.vaadin(), configurer -> {
+// tag::snippet[]
+            configurer.loginView("/login");
+// end::snippet[]
+        });
+
+        return http.build();
+    }
+    ...
+}
+----
+
+.`SecurityConfig.java`
+[source,java]
+----
+<source-info group="VaadinWebSecurity (deprecated since V24.9)"></source-info>
 @EnableWebSecurity
 @Configuration
 class SecurityConfig extends VaadinWebSecurity {
@@ -407,6 +519,8 @@ class SecurityConfig extends VaadinWebSecurity {
     ...
 }
 ----
+
+--
 ====