Hi everybody, I hope this is already known to you
https://stackoverflow.com/questions/76820144/spring-boot-3-and-vaadin-24-security-filter-chain Thanks in advance!
Use VaadinWebSecurity so that Vaadin takes care of all internal and underlying configuration to handle Vaadin properly.
Okay, thank you, I will try to figure out what Vaadin does there to take the necessities to my code. I need SAML and not a DefaultSecurityFilterChain.
As far as I remember, you can customise SecurityFilterChain, see https://github.com/vaadin/flow/blob/b965e91e8bfb00e69b3ffe8aff804e0eb9665285/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java#L133
Ah, you already did it, but got 403 for some reason
Okay guys, I found out what to enter to get it working again^^. Checked out the configure method in the VaadinWebSecurity.class, tried out a bit and voilà, by using the util

```java
@Autowired
private RequestUtil requestUtil;
```

and changing my filter chain

```java
SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
    http.csrf().ignoringRequestMatchers(
            requestUtil::isFrameworkInternalRequest);
    http.authorizeHttpRequests((authorize) -> authorize
            .requestMatchers(mvc.pattern("/login"), mvc.pattern("/error"), mvc.pattern("/h2-console/**")).permitAll()
            .anyRequest().authenticated()
    ).saml2Login(saml2 -> {
    });
    return http.build();
}
```
Now I am still a bit worried because `http.csrf()` is deprecated, but hey, this is a case of so far, so good for the moment.
`http.csrf()` is deprecated, so you have to use `http.csrf(cfg -> cfg.ignoringRequestMatchers(...))`
I just copied it from VaadinWebSecurity^^. Thank you.
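The filter chain from this thread written with the lambda form of `csrf(...)` suggested above, as an added example that is not code from any of the posters or from Vaadin. The class name `SamlSecurityConfig` and the `mvc` bean definition are assumptions; `RequestUtil` is taken to be the injectable Vaadin bean the thread autowires, and the `/h2-console/**` matcher is left out on the assumption that this is not a development build.

```java
import com.vaadin.flow.spring.security.RequestUtil;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

@Configuration
@EnableWebSecurity
public class SamlSecurityConfig { // hypothetical class name

    // Vaadin helper that recognises framework-internal requests (assumed injectable, as in the thread)
    private final RequestUtil requestUtil;

    public SamlSecurityConfig(RequestUtil requestUtil) {
        this.requestUtil = requestUtil;
    }

    // Builder for MVC-aware path matchers; the thread injects one but does not show where it is defined
    @Bean
    MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
        return new MvcRequestMatcher.Builder(introspector);
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
        http
            // CSRF protection stays enabled; only Vaadin's framework-internal
            // requests are exempted, the same matcher the thread uses
            .csrf(csrf -> csrf.ignoringRequestMatchers(requestUtil::isFrameworkInternalRequest))
            .authorizeHttpRequests(authorize -> authorize
                // Public endpoints from the thread; everything else requires a login
                .requestMatchers(mvc.pattern("/login"), mvc.pattern("/error")).permitAll()
                .anyRequest().authenticated())
            // SAML 2.0 login with Spring Security's defaults, equivalent to the empty lambda in the thread
            .saml2Login(Customizer.withDefaults());
        return http.build();
    }
}
```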