GET method not supported in Vaadin 24

I am unable to make external GET requests to Vaadin views. I get the error "GET method not supported". This has led to another issue of being unable to access static resources like images in the "…/images/**" directory, since the browser has to make a GET request to the backend. I have tried the following solutions:

  • vaadin.exclude-urls=/images/** …added this to the properties file

  • http.securityMatcher("/images/**").csrf(AbstractHttpConfigurer::disable); …added this to my security configuration

  • .requestMatchers(antMatchers("/images/**")).anonymous(); …added to security configuration

  • @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/images/**")
                .addResourceLocations("classpath:/static/images/")
                .setCachePeriod(3600)
                .resourceChain(true);
    }

  • tried implementing the HasUrlParameter interface to enable GET request to views

All of the above solutions did not work. Please, is there something I need to do, or is there something that I am doing wrong in my application? Thank you.

Please post your full security configuration and where your images are located.

Check Loading Resources | Advanced Topics | Flow | Vaadin Docs to make sure your resources are in the correct place.

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends VaadinWebSecurity {

private final CustomUserDetailsService userDetailsService;
private final PasswordEncoder passwordEncoder;

public SecurityConfiguration(PasswordEncoder passwordEncoder, CustomUserDetailsService userDetailsService) {
    this.userDetailsService = userDetailsService;
    this.passwordEncoder = passwordEncoder;
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    
    http.securityMatcher("/images/**").csrf(AbstractHttpConfigurer::disable);
    http
            .csrf(csrf -> csrf.disable())
            .sessionManagement(session -> session
            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .sessionFixation().newSession()
            .maximumSessions(1)
            .maxSessionsPreventsLogin(false)
            .expiredUrl("/login?expired"));
    http.authorizeHttpRequests(auth -> auth
            .requestMatchers(antMatchers("/admins")).hasRole("ADMIN")
            .requestMatchers(antMatchers("/dues")).hasRole("ADMIN")
            .requestMatchers(antMatchers("/donations")).hasRole("ADMIN")
            .requestMatchers(antMatchers("/student")).hasRole("STUDENT")
            .requestMatchers(antMatchers("/duespayment")).hasRole("STUDENT")
            .requestMatchers(antMatchers("/draftpost")).hasRole("EDITOR")
            .requestMatchers(antMatchers("/createpost")).hasRole("EDITOR")
            .requestMatchers(antMatchers("/changeusername")).hasAnyRole("ADMIN", "MANAGER", "EDITOR", "STUDENT")
            .requestMatchers(antMatchers("/user")).hasAnyRole("ADMIN", "MANAGER", "EDITOR", "STUDENT")
            .requestMatchers(antMatchers("/addmail")).hasAnyRole("ADMIN", "MANAGER", "EDITOR")
            .requestMatchers(antMatchers("/students")).hasAnyRole("ADMIN", "MANAGER")
            .requestMatchers(antMatchers("/managers")).hasAnyRole("ADMIN", "MANAGER")
            .requestMatchers(antMatchers("/editors")).hasAnyRole("ADMIN", "MANAGER")
            .requestMatchers(antMatchers("/settings")).hasAnyRole("ADMIN", "MANAGER", "EDITOR", "STUDENT")
            .requestMatchers(antMatchers("/livepost")).hasAnyRole("ADMIN", "MANAGER", "EDITOR")
            .requestMatchers(antMatchers("/", "/login", "/student/register", "/alumni/register", "/forgot", "/changepassword", "/donationpayment","/images/**"))
            .anonymous()
            .requestMatchers(antMatchers("/", "/**", "/*.js", "/*.css", "/*.png", "/*.svg", "/*.jpeg", "/*.jpg", "/*.ico", "/*.gif", "/error"))
            .anonymous()
    );
    
    super.configure(http);
    setLoginView(http, LoginView.class);
    
    
}

@Bean
public AuthenticationManager authenticationManager(List<AuthenticationProvider> authenticationProviders) throws Exception {
    return new ProviderManager(authenticationProviders);
}

@Bean
public DaoAuthenticationProvider authenticationProvider() {
    DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
    authProvider.setUserDetailsService(userDetailsService);
    authProvider.setPasswordEncoder(passwordEncoder);
    return authProvider;
}

@Bean
public static NavigationAccessControlConfigurer navigationAccessControlConfigurer() {
    return new NavigationAccessControlConfigurer().withRoutePathAccessChecker();
}

@Bean
public SecurityContextRepository securityContextRepository() {
    return new HttpSessionSecurityContextRepository();
}

}

This is my full security configuration file

[Screenshot 2024-09-04 3.58.41 PM]

This is all you need:

http.authorizeHttpRequests(requests -> {
    // Permit access to static resources
    requests.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
});

Add your images to /resources/public/images.
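For context, here is how the rule from the reply above sits inside a complete `VaadinWebSecurity` subclass. This is an added example, not code from either poster; `LoginView` is the asker's own view class, and the images are assumed to be in the location the reply names.

```java
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import com.vaadin.flow.spring.security.VaadinWebSecurity;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No http.securityMatcher("/images/**") here: securityMatcher limits the
        // whole filter chain to that pattern instead of adding a rule for it.
        // CSRF protection is not disabled: it only applies to state-changing
        // methods, so GET requests for images need no exemption.
        http.authorizeHttpRequests(auth -> auth
                // permitAll() lets everyone through; anonymous() would admit
                // only users who are NOT signed in and deny the rest.
                // atCommonLocations() includes /images/**, /css/** and /js/**.
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations())
                .permitAll());

        // Custom matchers must be registered before super.configure(http),
        // which adds the catch-all rule requiring authentication.
        super.configure(http);
        setLoginView(http, LoginView.class);
    }
}
```

Keeping the permit rule this narrow avoids a catch-all such as `"/**"` in an open matcher, which would make every later role rule depend on ordering alone.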