Carousel Addon Fails with Spring Security

Flow
1

Hi,

2

Although the addon states latest version OK for V24 Vaadin
it seems that something is needed to handle the HTML import,
the npm package and the jsmodule.when Spring Security is involved.
Any guidance offered would be most appreciated.

3

Remove the @HtmlImport annotation. It was deprecated in Vaadin 14 (only remaining to support the legacy bower mode) and removed since.

4

I don’t think Spring Security has anything to do with it.

5

My concern is that the @xpertsea/paper-slider code is not getting to the frontend folder as it is not included in the addons jar. Seems to me that I need a permitall or something in securityconfiguration.
I am having the same problem with CKEditor addon where the javascript code is set in the frontend folder.

6

I have this in SecurityConfiguration

7 
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
        web.ignoring().requestMatchers(
                // the robots exclusion standard
                new AntPathRequestMatcher("/robots.txt"),
                // icons and images
                new AntPathRequestMatcher("/icons/**"),
                new AntPathRequestMatcher("/images/**"),
                // (development mode) H2 debugging console
                new AntPathRequestMatcher("/h2-console/**"));
    }
8

Which is reported as deptecated and to use PermitAll but I have no ides how to do that.

9

Your security config doesn’t matter with your description. Sounds like your add-ons use package names that aren’t automatic scanned, see whitelisting https://vaadin.com/docs/latest/integrations/spring/configuration

10

I am whitelisting the CKEditor package and that is not working. The javascript in that case gets to the frontend.

11

Looking at the GitHub project of CKEditor, it doesn’t really look appealing that it’s kinda dead and other similar issues are reported there without much help, so I would say the addon is the culprit

12

Sorry, it is CKEditorVaadin.

13

I meant the same :slightly_smiling_face:

14

https://github.com/wontlost-ltd/vaadin-litelement-ckeditor this right?

15

CKEditorVaadin addon is currently maintained and has a V24 update.

16

https://vaadin.com/directory/component/ckeditorvaadin you are talking about this?

17

Actually V23 update.

18

Should also mention, Java 21

19

Still trying to figure out problem with CKEditor addon.
It is not related to spring security.
I have created a repo to investigate this problem and develop spring security login code.
https://github.com/QNENet/vaadin-login/blob/main/src/main/java/com/vaadinlogin/views/homeview/PublicHomeView.java
The ckeditor js and css seems to be correctly entered in frontend
but when run the ckeditor does not appear.

20

What am I missing to use addons with V24 and Java 21 ?