Failing to send REST requests after i added spring security via a Vaadin video

Hi all, I added security to my Vaadin application exactly as described by this official video of vaadin
https://www.youtube.com/watch?v=dZuy1v9isXE&ab_channel=vaadinofficial

After adding it, I added authorization to my Rest request (Im sending them via Postman. In the authorization tab of the request i chose “Basic Auth” and added the username and password), and tried to send it, but got back a very weird body in the 200 response:

<!doctype html>

window.Vaadin = window.Vaadin || {};window.Vaadin.VaadinLicenseChecker = { maybeCheck: (productInfo) => {} };window.Vaadin.devTools = window.Vaadin.devTools || {};window.Vaadin.devTools.createdCvdlElements = window.Vaadin.devTools.createdCvdlElements || [];window.Vaadin.originalCustomElementDefineFn = window.Vaadin.originalCustomElementDefineFn || window.customElements.define;window.customElements.define = function (tagName, constructor, ...args) {const { cvdlName, version } = constructor;if (cvdlName && version) { const { connectedCallback } = constructor.prototype; constructor.prototype.connectedCallback = function () { window.Vaadin.devTools.createdCvdlElements.push(this); if (connectedCallback) { connectedCallback.call(this); } } }window.Vaadin.originalCustomElementDefineFn.call(this, tagName, constructor, ...args); };

there is more but i reached maximum length

it seems to me that my rest endpoints are not routed via vaadin. does anybody know how fix this?

are routed *

Hi,

I typically set a up a separate SecurityFilterChain for the REST endpoints. I create a separate APISecurityConfig class with @EnableWebSecurity and an @Order(1) to be sure this one is used before the request is send to the Vaadin layer.

This way I am not depending on Vaadin for the security of the REST endpoints.

Hope this helps.

On the VaadinSecurityConfig I then explicitly add @Order(100) for example to keep them out of each other’s hair.

If you made this same question in SO, please add the solution that worked there as an answer. You can answer your own questions in SO, that is perfectly ok and even encouraged in order to not left questions open.

Hi, can you refer me to an example so i will try to implement it on my project?

ok once i solved it i will post it

i added to my application.yml the following line:
vaadin:
urlMapping: /ui/*

and now my vaadin ui is at http://localhost:8501/ui

but when I send REST requests to http://localhost:8501/mockers (Which worked before adding vaadin security) it still gives back the same vaadin response I mentioned earlier (I added authorization to my Rest request).

please can anyone help?

Hi, look at this post https://discord.com/channels/732335336448852018/1118899721696719020

This is the solution:
https://stackoverflow.com/questions/76100191/spring-requestmapping-returning-auto-generated-vaadin-html-page