Documentation versions (currently viewingVaadin 23)

You are viewing documentation for Vaadin 23. View latest documentation


Vaadin Flow is a server-side framework, where all the application state, business model, and UI logic stay on the server. A Flow application never exposes its internals to the browser, where vulnerabilities could be abused by an attacker. This makes the development model inherently secure. However, best practices should be followed and common vulnerabilities should be avoided to ensure security.

Enabling Security
Learn how to enable and configure security in a Vaadin Flow application using the built-in security helpers with Spring Boot.
Advanced Security Topics