Hilla Documentation

Security

Hilla is a combined client and server programming model. As an application developer, you make a decision about how much of the application state is stored on the server and how much is stored in the user’s browser. The following sections describe the best practices for securing such applications.

Topics

Security in Hilla Applications
An introduction to the Hilla security architecture and how it works in practice.
Configuring Security
How to specify the role-based access control rules as annotations for the endpoint class or its individual methods.
Authentication With Spring Security
How to configure authentication with Spring Security.
Accessing Authentication Data
Accessing authentication data such as username and roles on the server side, as well as transferring the data to the client.
Role-Based Access Control for Views
How to restrict access for selected Hilla views based on roles defined for the logged-in user.
Stateless Authentication
Using stateless authentication to persist authentication on the client side between requests.
Offline Support for Authentication
Storing the authentication data in the browser for offline applications.
Handling Session Expiration
How to detect session expiration, for example to show a login view to the user.
Common Vulnerabilities
Dealing with vulnerabilities, such as SQL injection, cross-site request forgery, and Java serialization.
Best Practices
Best practices in authentication and authorization, data validation, and SSL and HTTPS.