Spring Security Allowing Register Page

Hi to all ,

i dont know if i open this to the right place but i need to implement a register page. so i permit it in the security conf. but even sspring security allow “/register” page. i still see the login page.

how can i just disable security for certain urls?

this setup does not work :

    protected void configure(HttpSecurity http) throws Exception {
        // Not using Spring CSRF here to be able to use plain HTML for the login page
                // Register our CustomRequestCache, that saves unauthorized access attempts, so
                // the user is redirected after login.
                //.requestCache().requestCache(new CustomRequestCache())
                // Restrict access to our application.
                // Allow all flow internal requests.
                // Allow all requests by logged in users.
                // Configure the login page.

                // Configure logout

and this is register view :

@Route(value = "register")
public class RegisterView extends VerticalLayout implements BeforeEnterObserver {

    public RegisterView() {
        add(new H1("REGISTER"));

    public void init() {

    public void beforeEnter(BeforeEnterEvent beforeEnterEvent) {


and i am adding how “register” url looks.


Do you maybe have your own implementation of VaadinServiceInitListener where you define a global BeforeEnterListener?
This was recommended in the [vaadin with spring security]
(https://vaadin.com/learn/tutorials/securing-your-app-with-spring-security/setting-up-spring-security#_secure_router_navigation) trainings.

I could imagine that this global BeforeEnterListener redirects you to the login page. If that’s the case, you can change the code inside the global listener to “allow” the registration view as well as the login view.

public class ConfigureUIServiceInitListener implements VaadinServiceInitListener { 

    public void serviceInit(ServiceInitEvent event) {
        event.getSource().addUIInitListener(uiEvent -> {
        final UI ui = uiEvent.getUI();

     * Reroutes the user if (s)he is not authorized to access the view.
     * @param event
     *            before navigation event with event details
    private void beforeEnter(BeforeEnterEvent event) {
        if (!LoginView.class.equals(event.getNavigationTarget())
		    || !RegisterView.class.equals(event.getNavigationTarget())) // ADDED THIS LINE
            && !SecurityUtils.isUserLoggedIn()) {  

that’s exactly the case. Thank you very much Kaspar.

i changed that before event as below. i am not gonna delete my question and your answer so may be anyone else could benefit.

private void beforeEnter(BeforeEnterEvent event) {
        final boolean accessGranted = SecurityUtils.isAccessGranted(event.getNavigationTarget());
        if (!accessGranted) {
            if (SecurityUtils.isUserLoggedIn()) {
            } else {
                if (!event.getLocation().getPath().equals("register")) {

Thanks alot for this