I have a vaadin 24 application running on Spring boot 3.1. I am extending VaadinWebSecurity in my SecurityConfig class and implementing the configure method. I also have rest endpoints annotated with @PostMapping and @GetMapping. I would like these endpoints to use basic authentication, while keeping the normal vaadin security in place. All apis would live under /api. Any advice on how I can implement this?
I would start by looking into providing a separate SecurityFilterChain Spring Bean with a .securityMatcher that applies to your /api path specifically. You might also want to use vaadin.exclude-urls: Configuration | Spring | Integrations | Flow | Vaadin Docs
3 Likes