Invalid security key received from


When I click the login Button I get “Invalid Security Key received from”-error.
In addition to that I get the Warning and the information about the different GWT and Vaadin version. Eclipse seems to use the Vaadin 7.0.2 jar even though in the classpath I pointed to Vaadin 7.3.8.jar version. Eclipse says Vaadin is up to date, but still seems to use the old jar.

  1. WARN:oeja.WebServletAnnotation…ChartsTutorial is not assignable from javax.servlet.http.HttpServlet
    I use this annotation in the UI: @Widgetset(“com.example.project.widgetset.ProjectWidgetset”)

  2. Warning:
    The widgetset in use does not seem to be built for the Vaadin
    version in use. This might cause strange problems - a
    recompile/deploy is strongly recommended.
    Vaadin version: 7.0.2
    Widgetset version: 7.3.8

  3. Error from UI:
    Invalid security key received from…

Any suggestions?


Alright, I solved it myself.

  1. First I tried a “wrong solution”:
    I deleted the old Vaadin 7.0.2 jar from the local maven repository:
    local repository-directory is .m2 if you’re using Windows: (Username/.m2/com/Vaadin/Vaadin-server/7.0.2/)
    Then I created a folder for the 7.3.8 jar and added the jar into it.
    In Eclipse I right clicked on my project and chose properties->Vaadin and changed the jar to version 7.3.8
    Finally I compiled the project and a classNotFoundException for vaadin-server and vaadin-shared was thrown. The 7.3.8 jar was located in the classpath, though.

  2. The correct solution
    I had to add the dependency in my pom.xml and let maven download the jar itself. So I added these two dependencies to the pom.xml:

com.vaadin vaadin-server 7.3.8

Compiled everything, and YES(!), finally! it worked. Hope this helps someone else to save some time trying to copy jars into your local repository or hacking around with the classpath, which didn’t work neither.
So it was indeed a version conflict of Vaadin and the widgetset.