Of course I can remove the NPE, but the point is that the HomeView should never be executed for users that aren’t logged in. That seems to be exactly the kind of security holes that the ConfigureUIServiceInitListener fixes.
That being said, if I remove the NPE, then the HomeView is shown without any Login whatsoever. The log output:
Re-reading your last answer makes me think I might have been unclear. The NPE is not happening on the LoginView, that view does not use the AppLayout. It is happening on the HomeView, at which point I assume that there will always be an authenticated user.
Okay, a misunderstanding then. Now it makes a bit more sense.
This is what I do after logging “Forwarding to login route…”:
event.forwardTo(loginRoute);
// clear any reroute to avoid error when both are set
if (event.hasRerouteTarget())
event.rerouteTo((NavigationHandler) null, null);
The only possible explanation I can come up with, is that my forward is somehow canceled afterwards? No idea where that might happen, though.
That seems weird - the forwarding to the login route simply doesn’t happen and then the application tries to access the HomeView again, which leads to the NPE.
Hmm, I don’t really have any new insights for you. You might just have to do some debugging to see why the forward isn’t executed even though I call the method. You could start in DefaultVaadinAccessControl at line 176 where I call forwardTo(…) and look what happens to the BeforeEnterEvent and why Vaadin doesn’t navigate to the login view.