Spring Security infinite redirect to login

Hi all,

I’m having some very strange behaviour when trying to add spring security to my hilla app that it gets stuck in a loop of redirects to the login page. To make sure that nothing else is interfering with it I’ve disabled anything that redirects in the frontend and all middleware.

If I don’t extend vaadin web security I get the standard spring login page and then once the session is created I get a 401 on any path. If I do extend it but don’t override the configure method I get a 401 from the beginning.

Any help would be much appreciated! :slightly_smiling_face:

Below is my security configuration:

@Configuration
@EnableWebSecurity
class SecurityConfig : VaadinWebSecurity() {

    val appSecret = "4kJvnS7m3ZVTw6Q9tsEPKzcVZiJmU2Y6b7IOyUgk/x4="
    override fun configure(http: HttpSecurity?) {
        super.configure(http)

        setLoginView(http, "/login")
        http?.sessionManagement {
            it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        }

        setStatelessAuthentication(
            http,
            SecretKeySpec(Base64.getDecoder().decode(appSecret), JwsAlgorithms.HS256),
            "<package where the application class sits>"
        )
    }
}