
Background

I am attempting to develop a Spring Boot/Vaadin application that will be used to collect user input and pass the data on to another application via REST. The Vaadin app sits in the middle of the process flow, with an external application (JD Edwards EnterpriseOne - aka E1) on the leading and trailing ends. I have attached an image that hopefully illustrates this.

Process flow

A user logged in to E1 will have the ability to access the Vaadin app. They will be logged in to E1 with their user name and password, along with other required information. This information needs to be passed to the Vaadin app so that when the user submits the form, the information is passed to E1 to authenticate and execute an E1 application. The application will, of course, also pass the user form inputs to E1.

Another important thing to note is that E1 has the ability to invoke a REST endpoint. This is how I'm planning on invoking the Vaadin application. The connection can be configured to specify the URL, HTTP headers and security settings. I have it currently using basic authentication. Using an OAuth 2.0 credential is also an option, although I am not familiar with it. There is also the capability to specify client certificate information. As far as I can tell, this is the only way to invoke an external application from E1.

The Problem

I am trying to figure out how to pass the user "metadata" to the Vaadin application.

It appears that Vaadin provides the capability to pass parameters to a Vaadin view when it is invoked. This seems to take the form of standard HTTP URL parameters - not the way I want to pass auth information. Are there other options to pass request data to a Vaadin app that's less exposed?

I have also been experimenting with an idea where my Vaadin app has a @RestController which could be used to receive the metadata (still the same security concerns). I then somehow need to figure out how to launch the Vaadin view from the controller and pass the data to it.

Finally, when the user submits the form, the metadata and the user input data need to be passed via REST to an E1 application, which does all the work behind the scenes in E1.

Is there a way to pass request data to a Vaadin app that doesn't involve HTTP parameters? Are there ways to protect this data?

Off topic but still a valid concern

A major concern is how to pass the user authentication information so that it's protected. I am not very familiar with the techniques used to secure web-based applications or the communications between such applications. The E1 systems and the server from which the Vaadin app would be running would be behind a firewall, but I'm not sure if that's enough.

Joseph Gagnon
  • Have you looked into using Spring Security? The Vaadin app is still a Spring Boot app so the security context (authN, authZ) is still there. – Hawk Sep 07 '21 at 20:02
  • You are asking a complex question. And probably the best answer is not to do the integration on Vaadin level. There are many products developed for between-application communications and sync, like Apache Kafka and RabbitMQ. – Tatu Lund Sep 08 '21 at 05:22

0 Answers