Getting Access Denied for all routes with PermitAll() in Vaadin 24 and Azure SSO

marcoc_753 · March 8, 2024, 10:00am

The anyRequest().authenticated() part is already done by VaadinWebSecurity, when you call super.configure()
so you can remove it from ypur code

nourishing-yak · March 8, 2024, 10:02am

OK - I can get to my pages now but with no login request

nourishing-yak · March 8, 2024, 10:03am

Unless my login is still valid from yesterday

nourishing-yak · March 8, 2024, 10:03am

I’ll try another browser

nourishing-yak · March 8, 2024, 10:07am

OK - so I got a login request on Opera and logged in with Azure SSO and then an error page

nourishing-yak · March 8, 2024, 10:07am

quirky-zebra · March 8, 2024, 10:12am

Looks like wrong usage of spring scopes on Vaadin components

nourishing-yak · March 8, 2024, 10:13am

I’ll have to look at my pages

nourishing-yak · March 8, 2024, 10:19am

Maybe revert to a test project and make sure that all works also, although this was all working with the standard Vaadin login that’s supplied with the default LoginForm etc in teh Vaadin docs so I don’t see why it would not work when all I’m changing is the auth metod

nourishing-yak · March 8, 2024, 10:29am

Anyhow - I’ll see how I get on - thanks a million for all the help @versatile-zorse and @quirky-zebra

nourishing-yak · March 8, 2024, 11:03am

Actually - one more question guys - by wrong usage of spring scopes on Vaadin components do you mean I may have mixed up som of the annotations between Spring and Vaadin?

quirky-zebra · March 8, 2024, 11:04am

Yes. Using @Component makes Vaadin components a singleton, which in turn makes your site unusable for more than one person

nourishing-yak · March 8, 2024, 11:06am

Weird as I’m not using @Component anywhere (just searched all files)

nourishing-yak · March 8, 2024, 11:09am

It had been there initially with the vaadin example code and the example login but that’s commented out now

quirky-zebra · March 8, 2024, 11:09am

private static… can also be a problem… but yeah, start from scratch - test your auth thing in there before bringing it to your full fledged project

nourishing-yak · March 8, 2024, 11:09am

Thanks!

nourishing-yak · March 13, 2024, 1:08pm

@quirky-zebra and @versatile-zorse
All I needed was

@Configuration
public class SecurityConfig extends VaadinWebSecurity {
    protected void configure(HttpSecurity http) throws Exception {
        http.oauth2Login(Customizer.withDefaults());
        super.configure(http);
    }
}```

nourishing-yak · March 13, 2024, 1:08pm

I’m still getting the error with this though:

nourishing-yak · March 13, 2024, 1:11pm

I created a dummy project and it all works fine so I just need to narrow down what it is.
I’m also using JPA but I doubt that would cause a problem
I do have a few private static variables also - I’ll remove them and
ALso - the JPA generated classes all have
private static final long serialVersionUID = 1L;
Would that be an issue?

ollit.1 · March 13, 2024, 1:17pm

Probably not