Hi all,
I’m having some very strange behaviour when trying to add spring security to my hilla app that it gets stuck in a loop of redirects to the login page. To make sure that nothing else is interfering with it I’ve disabled anything that redirects in the frontend and all middleware.
If I don’t extend vaadin web security I get the standard spring login page and then once the session is created I get a 401 on any path. If I do extend it but don’t override the configure method I get a 401 from the beginning.
Any help would be much appreciated! 
Below is my security configuration:
@Configuration
@EnableWebSecurity
class SecurityConfig : VaadinWebSecurity() {
val appSecret = "4kJvnS7m3ZVTw6Q9tsEPKzcVZiJmU2Y6b7IOyUgk/x4="
override fun configure(http: HttpSecurity?) {
super.configure(http)
setLoginView(http, "/login")
http?.sessionManagement {
it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
}
setStatelessAuthentication(
http,
SecretKeySpec(Base64.getDecoder().decode(appSecret), JwsAlgorithms.HS256),
"<package where the application class sits>"
)
}
}