Problems with filter chain Vaadin 24, spring boot 3

Hi everybody, I hope this is allready known to you Thanks in advance!

Use VaadinWebSecurity so that Vaadin takes care of all internal and underlying configuration to handle Vaadin properly.

okay, thank you, I will try to figure out what vaadin does there to take the necessitys to my code. I need saml and not a DefaultSecurityFilterChain.

As far as I remember, you can customise SecurityFilterChain, see

Ah, you already did it, but got 403 for some reason :expressionless:

Okay guys, I found out what to enter to get it working again^^. Checked out the configure method in the VaadinWebSecurity.class, tried out a bit and voilà , by using the util @Autowired

private RequestUtil requestUtil; and changing my filter chain


SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {



http.authorizeHttpRequests((authorize) → authorize

.requestMatchers(mvc.pattern(“/login”), mvc.pattern(“/error”), mvc.pattern(“/h2-console/**”)).permitAll()


).saml2Login(saml2 → {




Now I am still a bit worried because thttp.csrf() is deprecated, but hey, this is a case of so far, so good for the moment.

http.csrf() is deprecated, so you have to use http.csrf( cfg -> cfg.ignoreRequestMatchers(...))

I just copied it from VaadinWebSecurity^^. Thank you.