Login form redirects to background image instead of correct page.

I have a simple login form with a placeholder image as background.
After setting up the login action, i can login to the respective pages /admin and /parceiro depending on the role.

It all works fine, until i use this image as the background. Instead of going to the correct page, it redirects me to the image itself.

What’s more strange, it happens at random times, so sometimes it works as intended. I have no idea what’s causing it.
image.jpg
image.jpg

How did you configure security?

Hi!

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().antMatchers("/").permitAll();
        http.userDetailsService(userDetailsServiceBean());

        super.configure(http);
        
        setLoginView(http, Login.class);

    }

    @Bean
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return new UserDetailService();
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}```

I would say that this line is the problem

http.authorizeRequests().antMatchers("/").permitAll();

got it, ill give it some testing and return later

ty!

Hello again! After testing, it has not solved the issue

I identified that when the error is going to happen, the login screen loads without its background, and reloading the page does not seem to load the image. Only when I login, the error will happen and the image will display properly on future logins.

I will also include the custom user deteils service I am using:

public class UserDetailService implements UserDetailsService {

    @Autowired
    private UsuarioRepository usuarioRepository;

    @Override
    public UserDetails loadUserByUsername(String username) {
        UsuarioModel user = usuarioRepository.findByLoginAndAtivo(username, true);
        if (user == null) {
            UsuarioModel userIn = usuarioRepository.findByLoginAndAtivo(username, true);
            if (userIn == null) {
                throw new UsernameNotFoundException(username);
            }else{
                Notification.show("Este usuário está inativo.");
                throw new UsernameNotFoundException(username);
            }

        }
        MiscConfigs.appTheme = user.getTemaApp();
        return new MainUserDetail(user);
    }

}```

Well what did you do? What did you debug? What did you change? Now the image is secured by default - if it’s public available it has to be configured.

Its just a background image for a VerticalLayout i have set it using : java getElement().getStyle().set("background-image", "url('images/fundo.png')"); getElement().getStyle().set("background-size", "cover");
I had no idea that simply putting the image could do this. I have already shown my webconfig class and my custom clientdetails service, do you need aditional classes?

this is my current folder structure
image.png

and this is my Login View
Login.java (3.04 KB)

It’s all very simple.

Well that URL should be protected by default by spring if not otherwise specified and therefore creating problems on load and login if the Browser accesses the wrong URL first

i have a universal redirect based on roles too

all of my views implement a BeforeEnterObserver, so i can redirect the user to the correct page

public static void redirecionarUsuario(SecurityService securityService, BeforeEnterEvent event) {

        if (securityService.getAuthenticatedUser() != null) {
            UserDetails user = securityService.getAuthenticatedUser();

            System.out.println(user.getUsername());

            if (user.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ADMIN"))) {
                event.forwardTo(TelaPrincipalAdmin.class);
            } else if (user.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_USER"))) {
                event.forwardTo(TelaPrincipalParceiro.class);
            }
        } else {
            event.forwardTo(Login.class);
        }

    }```

this method redirects the user to the correct page