Spring Security Login

I am currently viewing a Vaadin tutorial from the vaadinofficial YouTube channel that was published in 2021.
For connecting the user management to Spring Security, he uses the class VaadinWebSecurityConfigurerAdapter that does not exist anymore in the current version.

Some user also seemed to be confused on the internet (https://stackoverflow.com/questions/67500144/what-happened-to-vaadinwebsecurityconfigureradapter-in-vaadin-19).
I already tried to find resources on the internet regarding the implementation of Spring Security but it was quiet confusing.

Does somebody know, “what happened to VaadinWebSecurityConfigurerAdapter”?

VaadinWebSecurityConfigurerAdapter has been deprecated in favor of VaadinWebSecurity

Does anybody know how I define on wich page the user will be redirected after login?
I am currently getting to http://localhost:8080/line-awesome/svg/file.svg?continue

I think this happens because the svg file is not public. Try to add a permitAll matcher for /line-awesome in the security configuration

There is no line-aweseome configuartion at all in my project.
I only get redirected when login was successfull.
An error message is not displayed when login is unsuccessfull.

What Vaadin version are you using? Did you create the project with start.vaadin.com?
How does the login view look like? On unsuccessful login there should be a error parameter that you can use to show an error message
On successfull log in you are redirect to the image probably because the resource is not available at runtime and is considered a Vaadin view. So the url is saved and after the login you get redirected there.
It works like you try to access a private view, e.g. account page, but you are not logged in. So the url is cached, the login view is shown, and after entering correct credentials you are redirect to the desired account page

I am using the latest vaadin version.
The error parameter on unsuccessful login is in the URL, but it does not get displayed in the Vaadin login form.
I am not redirecting the user to anything, because I don’t know how.

This is my login page:

@PageTitle("Login | abitix online")
@Route(value = "login")
public class LoginView extends VerticalLayout implements BeforeEnterListener {

  private LoginForm loginForm = new LoginForm();

  public LoginView() {
    setSizeFull();

    loginForm.setForgotPasswordButtonVisible(false);

    setAlignItems(Alignment.CENTER);
    setJustifyContentMode(JustifyContentMode.CENTER);

    loginForm.setAction("login");

    add(new H1("abitix online"), loginForm);
  }

  @Override
  public void beforeEnter(BeforeEnterEvent beforeEnterEvent) {
    if (beforeEnterEvent.getLocation().getQueryParameters().getParameters().containsKey("error")) {
      loginForm.setError(true);
    }
  }
}

I dont know wich page does not have the permissions, but a redirection to line-awesome seems strange


EDIT: Line-awesome is the Vaadin directory for icons and images. Beacause a favicon was used from there, SpringSecurity thought, I wanted to revisit the requested resource that I could not access after login.
Problem solved.

But the question, why my error does not get displayed on login stays.

But the question, why my error does not get displayed on login stays
That’s really weird. Can you able to share the project as a githu repo or zip file?

In the example on documentation the login view implements BeforeEnterObserver .
Try to replace BeforeEnterListener with BeforeEnterObserver

The beforeenter event is dispatch to all components implementing BeforeEnterObserver

But BeforeEnterListeners must be registered programmatically to the UI

Take a look here for more details Navigation Lifecycle | Routing & Navigation | Vaadin Docs

Thank you that worked :pray:
I was using the above mentioned old tutorial, so I got the wrong implementation.

closed