spring security lambda expressions do not work with vaadin 23

This is my current security config class, very simple:

package com.agilsistemas.portalparceiros.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import com.agilsistemas.portalparceiros.views.Login;
import com.vaadin.flow.spring.security.VaadinWebSecurity;

public class WebSecurityConfig extends VaadinWebSecurity {

    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(requests -> requests.antMatchers("/public/**", "/login", "/images/**"));

        setLoginView(http, Login.class);


    public UserDetailsService userDetailsServiceBean() throws Exception {
        return new UserDetailService();

    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();


I was using the old format of `http.authorizeRequests().antMatchers("...").permitAll();`, that worked, but after updating to Spring ``2.7.12`, it gives me warnings that I should change to the above lambda style. But now Vaadin refuses to start with the following error:
```java.lang.IllegalStateException: permitAll only works with either HttpSecurity.authorizeRequests() or HttpSecurity.authorizeHttpRequests(). Please define one or the other but not both.```
How can I fix this? Is my current version of Vaadin using permitAll()?

Does it work if you change your code from authorizeHttpRequests to authorizeRequests?

It does, but gives a warning in code. Ig ill have to live with it

There’s an open ticket for this Replace usage of deprecated authorizeHttpRequests() in VaadinWebSecurity · Issue #16872 · vaadin/flow · GitHub

And a PR chore: replace deprecated Spring Security APIs usage by mcollovati · Pull Request #17136 · vaadin/flow · GitHub

Ah, sorry. Mi missed the mention of Vaadin 23.
Linked stuff is for 24

I tried switching to 24, but It broke the project lol