Configuring ForgotPasswordListener and spring security

Hello there. First of all i want to point out that I am kinda new with both vaadin and spring security. I am trying to configure ForgotPasswordListener to work as button for creating account. I’ve configured the based on post I found on stackoverflow:

loginForm.addForgotPasswordListener(event-> UI.getCurrent().getPage().setLocation (“create_account”));

I made very simple form with route @Route(value = “create_account”), and then i took spring security configuration from documentation (i know that its deprecated, but since there was some beans that didnt wanted cooperate i just left it as it was), the only thing i added was antmatcher for account creation:

protected void configure(HttpSecurity http) throws Exception {

    .requestCache().requestCache(new CustomRequestCache())

** .antMatchers(“create_account”).permitAll()**


The problem is that no matter how i phrase it, create account page will load only after I login with valid user, otherwise I cannot leave the login form. I know that for a lot of people this is probably trivial but i cannot figure why this antmatcher doesn’t work, so can some 1 explain to me why it does not work? Thanks for any help You guys can provide.

  1. I suggest you extend from VaadinWebSecurity instead of configuring it yourself.
  2. Then, you can add a @AnonymousAllowed annotation on your create_account route to make it accessible to everyone

@secure-leopard thank you very much kind sir, Your solution worked without any problems.