Carousel Addon Fails with Spring Security


Although the addon states latest version OK for V24 Vaadin
it seems that something is needed to handle the HTML import,
the npm package and the jsmodule.when Spring Security is involved.
Any guidance offered would be most appreciated.

Remove the @HtmlImport annotation. It was deprecated in Vaadin 14 (only remaining to support the legacy bower mode) and removed since.

I don’t think Spring Security has anything to do with it.

My concern is that the @xpertsea/paper-slider code is not getting to the frontend folder as it is not included in the addons jar. Seems to me that I need a permitall or something in securityconfiguration.
I am having the same problem with CKEditor addon where the javascript code is set in the frontend folder.

I have this in SecurityConfiguration

    public void configure(WebSecurity web) throws Exception {
                // the robots exclusion standard
                new AntPathRequestMatcher("/robots.txt"),
                // icons and images
                new AntPathRequestMatcher("/icons/**"),
                new AntPathRequestMatcher("/images/**"),
                // (development mode) H2 debugging console
                new AntPathRequestMatcher("/h2-console/**"));

Which is reported as deptecated and to use PermitAll but I have no ides how to do that.

Your security config doesn’t matter with your description. Sounds like your add-ons use package names that aren’t automatic scanned, see whitelisting

I am whitelisting the CKEditor package and that is not working. The javascript in that case gets to the frontend.

Looking at the GitHub project of CKEditor, it doesn’t really look appealing that it’s kinda dead and other similar issues are reported there without much help, so I would say the addon is the culprit

Sorry, it is CKEditorVaadin.

I meant the same :slightly_smiling_face: this right?

CKEditorVaadin addon is currently maintained and has a V24 update. you are talking about this?

Actually V23 update.

Should also mention, Java 21

Still trying to figure out problem with CKEditor addon.
It is not related to spring security.
I have created a repo to investigate this problem and develop spring security login code.
The ckeditor js and css seems to be correctly entered in frontend
but when run the ckeditor does not appear.

What am I missing to use addons with V24 and Java 21 ?