Problems with filter chain Vaadin 24, spring boot 3

Hi everybody, I hope this is allready known to you
https://stackoverflow.com/questions/76820144/spring-boot-3-and-vaadin-24-security-filter-chain Thanks in advance!

Use VaadinWebSecurity so that Vaadin takes care of all internal and underlying configuration to handle Vaadin properly.

okay, thank you, I will try to figure out what vaadin does there to take the necessitys to my code. I need saml and not a DefaultSecurityFilterChain.

As far as I remember, you can customise SecurityFilterChain, see https://github.com/vaadin/flow/blob/b965e91e8bfb00e69b3ffe8aff804e0eb9665285/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java#L133

Ah, you already did it, but got 403 for some reason :expressionless:

Okay guys, I found out what to enter to get it working again^^. Checked out the configure method in the VaadinWebSecurity.class, tried out a bit and voilà , by using the util @Autowired

private RequestUtil requestUtil; and changing my filter chain

@Bean

SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {

http.csrf().ignoringRequestMatchers(

requestUtil::isFrameworkInternalRequest);

http.authorizeHttpRequests((authorize) → authorize

.requestMatchers(mvc.pattern(“/login”), mvc.pattern(“/error”), mvc.pattern(“/h2-console/**”)).permitAll()

.anyRequest().authenticated()

).saml2Login(saml2 → {

});

return http.build();

}

Now I am still a bit worried because thttp.csrf() is deprecated, but hey, this is a case of so far, so good for the moment.

http.csrf() is deprecated, so you have to use http.csrf( cfg -> cfg.ignoreRequestMatchers(...))

I just copied it from VaadinWebSecurity^^. Thank you.