(SOLVED) My Authentication does not persist after successfully logging in.

In essence I can successfully log in from the login and enter my main view, but then if I reload the page, or go to another view that that user has permission to, I am returned to the login. When I tested something strange happens, the first time I enter the main view I print the current user in the console and it works fine, but I print the same thing in any other event and it already tells me AnonymousUser.

I have attached two txt, one with my security class that extends VaadinWebSecurity and the other with the login method that I use in my login view. I use a DaoAuthenticationProvider as a provider.
SecurityConfig.txt (1.55 KB)
login_method.txt (557 Bytes)

Ensure that your daoAuthProvider returns an authenticated user with authorities / roles, otherwise it won’t work.

Oh thank you very much first of all for answering me so quickly, forgive my skills, I’m new to Spring and Vaadin. In my User class that implements UserDetails I have this configured:

publicCollection<? extends GrantedAuthority > getAuthorities() {
return Arrays.asList(role);

But I’m not sure how to do what you suggest…

if you are new to this, the spring security docs should get you pretty far



Thank you very much for this documentation, I read it carefully and it seems that all my configuration is fine. This behavior drives me crazy because it is very uncomfortable that the client has to log in continuously.

P.S: I even changed the SecurityContextHolder strategy to global, so that regardless of the thread of execution the same security context is shared since my application is a monolithic application, but nothing, the same problem. I do not know what else to do.

Are your views annotated with security annotations?

Hi Marcos, yes for example, the MainView:

@PageTitle(value = “Home”)
@Route(value = “”)
@RolesAllowed(value = {“ROLE_USER”, “ROLE_ADMIN”})
public class MainView extends VerticalLayout

Did you tried to increase log level of spring security?


It may help to debug the problem

And also com.vaadin.flow.server.auth=DEBUG

Thanks buddy, I’ll try to debug the way you tell me

What’s the package of the RoleAllowed annotation, if you are using Vaadin 24 you should use the Jakarta package.

Yes man, I use Vaadin 24 and Jakarta package

I also use Java 17.0.2 in this project

Analyzing the Spring Security traces I have these debugs once I log in supposedly successfully:

-Did not find SecurityContext in HttpSession D5D78853E6928479F26EF52246F0B4CE using the SPRING_SECURITY_CONTEXT session attribute

-Created SecurityContextImpl [Null authentication]

-Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D5D78853E6928479F26EF52246F0B4CE], Granted Authorities= [ROLE_ANONYMOUS]]

I don’t understand the reason for this, could it be that the authentication method using DAO is no longer fully supported?

Did you check that your DAO implementation really works? Like returning a proper user password authentication with roles?

Hello again Knoobie, well yes, look I have these debugs in the constructor of my main view. That is, as soon as I log in everything works fine:




And this is an example of what it prints for a given user:


The problem is that if I do this same debug in any other event, even without leaving that view, it already becomes AnonymousUser.

So, it’s all very strange, right?

instead of your dao authentication, you can try this auth code from the spring docs to see if that makes any difference

SecurityContext context = SecurityContextHolder.createEmptyContext();
Authentication authentication =
new TestingAuthenticationToken(“username”, “password”, “ROLE_USER”);


@upbeat-viper check you browser cookies are enabled. try another browser. It’s looks like a cookie problem