Configuring ForgotPasswordListener and spring security

Hello there. First of all i want to point out that I am kinda new with both vaadin and spring security. I am trying to configure ForgotPasswordListener to work as button for creating account. I’ve configured the based on post I found on stackoverflow:

loginForm.addForgotPasswordListener(event-> UI.getCurrent().getPage().setLocation (“create_account”));

I made very simple form with route @Route(value = “create_account”), and then i took spring security configuration from documentation (i know that its deprecated, but since there was some beans that didnt wanted cooperate i just left it as it was), the only thing i added was antmatcher for account creation:

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.csrf().disable()
    .requestCache().requestCache(new CustomRequestCache())
    .and().authorizeRequests()
    .requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()

** .antMatchers(“create_account”).permitAll()**

    .anyRequest().authenticated()
    .and().formLogin()
    .loginPage(LOGIN_URL).permitAll()
    .loginProcessingUrl(LOGIN_PROCESSING_URL)
    .failureUrl(LOGIN_FAILURE_URL)
     .defaultSuccessUrl("/")
     .and().userDetailsService(beerUserDetailsService)
    .logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);

}
The problem is that no matter how i phrase it, create account page will load only after I login with valid user, otherwise I cannot leave the login form. I know that for a lot of people this is probably trivial but i cannot figure why this antmatcher doesn’t work, so can some 1 explain to me why it does not work? Thanks for any help You guys can provide.

  1. I suggest you extend from VaadinWebSecurity instead of configuring it yourself.
  2. Then, you can add a @AnonymousAllowed annotation on your create_account route to make it accessible to everyone

@secure-leopard thank you very much kind sir, Your solution worked without any problems.