Damian.45
(Damian Thomas)
September 3, 2024, 9:30pm
1
I am unable to make external GET requests to Vaadin views. I get the error "GET method not supported". This has led to another issue of being unable to access static resources like images in the "…/images/**" directory, since the browser has to make a GET request to the backend. I have tried the following solutions:
`vaadin.exclude-urls=/images/**` (added this to the properties file)
`http.securityMatcher("/images/**").csrf(AbstractHttpConfigurer::disable);` (added this to my security configuration)
`.requestMatchers(antMatchers("/images/**")).anonymous();` (added to security configuration)
```java
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/images/**")
            .addResourceLocations("classpath:/static/images/")
            .setCachePeriod(3600)
            .resourceChain(true);
}
```
Tried implementing the HasUrlParameter interface to enable GET requests to views.
All of the above solutions did not work. Please, is there something I need to do, or is there something that I am doing wrong in my application? Thank you.
knoobie
(Christian Knoop)
September 4, 2024, 4:39am
2
Please post your full security configuration and where your images are located.
ollit.1
(Olli Tietäväinen)
September 4, 2024, 11:26am
3
Check Loading Resources | Advanced Topics | Flow | Vaadin Docs to make sure your resources are in the correct place.
Damian.45
(Damian Thomas)
September 4, 2024, 2:45pm
4
```java
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends VaadinWebSecurity {

    private final CustomUserDetailsService userDetailsService;
    private final PasswordEncoder passwordEncoder;

    public SecurityConfiguration(PasswordEncoder passwordEncoder, CustomUserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
        this.passwordEncoder = passwordEncoder;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.securityMatcher("/images/**").csrf(AbstractHttpConfigurer::disable);
        http
            .csrf(csrf -> csrf.disable())
            .sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .sessionFixation().newSession()
                .maximumSessions(1)
                .maxSessionsPreventsLogin(false)
                .expiredUrl("/login?expired"));
        http.authorizeHttpRequests(auth -> auth
            .requestMatchers(antMatchers("/admins")).hasRole("ADMIN")
            .requestMatchers(antMatchers("/dues")).hasRole("ADMIN")
            .requestMatchers(antMatchers("/donations")).hasRole("ADMIN")
            .requestMatchers(antMatchers("/student")).hasRole("STUDENT")
            .requestMatchers(antMatchers("/duespayment")).hasRole("STUDENT")
            .requestMatchers(antMatchers("/draftpost")).hasRole("EDITOR")
            .requestMatchers(antMatchers("/createpost")).hasRole("EDITOR")
            .requestMatchers(antMatchers("/changeusername")).hasAnyRole("ADMIN", "MANAGER", "EDITOR", "STUDENT")
            .requestMatchers(antMatchers("/user")).hasAnyRole("ADMIN", "MANAGER", "EDITOR", "STUDENT")
            .requestMatchers(antMatchers("/addmail")).hasAnyRole("ADMIN", "MANAGER", "EDITOR")
            .requestMatchers(antMatchers("/students")).hasAnyRole("ADMIN", "MANAGER")
            .requestMatchers(antMatchers("/managers")).hasAnyRole("ADMIN", "MANAGER")
            .requestMatchers(antMatchers("/editors")).hasAnyRole("ADMIN", "MANAGER")
            .requestMatchers(antMatchers("/settings")).hasAnyRole("ADMIN", "MANAGER", "EDITOR", "STUDENT")
            .requestMatchers(antMatchers("/livepost")).hasAnyRole("ADMIN", "MANAGER", "EDITOR")
            .requestMatchers(antMatchers("/", "/login", "/student/register", "/alumni/register", "/forgot", "/changepassword", "/donationpayment", "/images/**"))
            .anonymous()
            .requestMatchers(antMatchers("/", "/**", "/*.js", "/*.css", "/*.png", "/*.svg", "/*.jpeg", "/*.jpg", "/*.ico", "/*.gif", "/error"))
            .anonymous()
        );
        super.configure(http);
        setLoginView(http, LoginView.class);
    }

    @Bean
    public AuthenticationManager authenticationManager(List<AuthenticationProvider> authenticationProviders) throws Exception {
        return new ProviderManager(authenticationProviders);
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService);
        authProvider.setPasswordEncoder(passwordEncoder);
        return authProvider;
    }

    @Bean
    public static NavigationAccessControlConfigurer navigationAccessControlConfigurer() {
        return new NavigationAccessControlConfigurer().withRoutePathAccessChecker();
    }

    @Bean
    public SecurityContextRepository securityContextRepository() {
        return new HttpSessionSecurityContextRepository();
    }
}
```
This is my full security configuration file.
knoobie
(Christian Knoop)
September 4, 2024, 5:42pm
6
This is all you need:
```java
http.authorizeHttpRequests(requests -> {
    // Permit access to static resources
    requests.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
});
```
Add your images to /resources/public/images.
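The static-resource rule from the answer above, placed inside a `VaadinWebSecurity` subclass. This is an added example, not code from the thread or from Vaadin; it assumes Spring Boot with Vaadin's Spring Security integration, that the poster's `LoginView` class is in the same package, and it keeps a single role rule from the posted configuration for illustration.

```java
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // http.securityMatcher(...) is not called: it would scope this whole
        // filter chain to the given paths instead of opening up those paths.
        // CSRF is not disabled either: super.configure() sets up Vaadin's
        // CSRF handling for framework-internal requests.
        http.authorizeHttpRequests(auth -> auth
            // Spring Boot's common static locations, which include /images/**,
            // /css/**, /js/** and /webjars/**. permitAll() admits anonymous and
            // logged-in users alike, whereas anonymous() admits only requests
            // that are not authenticated.
            .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
            // One role rule kept from the posted configuration; antMatchers is
            // the helper inherited from VaadinWebSecurity that the post uses.
            .requestMatchers(antMatchers("/admins")).hasRole("ADMIN")
        );

        // Custom rules have to be registered before this call, because the
        // superclass adds the final anyRequest() matcher.
        super.configure(http);

        // LoginView is the poster's login view class (assumed same package).
        setLoginView(http, LoginView.class);
    }
}
```

With the images under `src/main/resources/public/images` (or `static/images`), Spring Boot serves them at `/images/**` without a custom `addResourceHandlers` override.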