public void checkAccessRestrictionForRequestedView(Navigator navigator) { final View targetView = viewProvider.getView(navigator.getState()); if (targetView != null) { final Collection<ConfigAttribute> attributes = new SecuredAnnotationSecurityMetadataSource() .getAttributes( new SimpleMethodInvocation( targetView, ReflectionUtils.findMethod( View.class, "enter", ViewChangeListener.ViewChangeEvent.class))); try { accessDecisionManager.decide( SecurityContextHolder.getContext().getAuthentication(), targetView, attributes); } catch (AccessDeniedException adExc) { // must be ignored as this exception is already handled in the AccessDecisionManager } } }
@Override protected void init(VaadinRequest request) { setLocale(Locale.ENGLISH); // Let's register a custom error handler to make the 'access denied' messages a bit friendlier. setErrorHandler( new DefaultErrorHandler() { @Override public void error(com.vaadin.server.ErrorEvent event) { if (SecurityExceptionUtils.isAccessDeniedException(event.getThrowable())) { Notification.show("Sorry, you don't have access to do that."); } else { super.error(event); } } }); VerticalLayout layout = new VerticalLayout(); Panel viewContent = new Panel(); MenuBar menu = new MenuBar(); menu.addStyleName("navigation-menu"); layout.addComponents(menu, viewContent); layout.setSizeFull(); viewContent.setSizeFull(); layout.setExpandRatio(viewContent, 1); menu.addItem("Trading Area", e -> onDashboardClicked()); menu.addItem("Users", e -> onCustomersClicked()); navigator = new Navigator(this, viewContent); springViewProvider.setAccessDeniedViewClass(AccessDeniedView.class); navigator.addProvider(springViewProvider); navigator.setErrorView(ErrorView.class); setContent(layout); String state = navigator.getState(); if (state != null && !state.isEmpty()) { navigator.navigateTo(state); } else { navigator.navigateTo(TradingAreaView.NAME); } }