24

I am using Vaadin 24. After a successful login, the redirect is to an icon file instead of a page to be redirected to. here is my code for securityConfig.

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import com.iot.simulator.views.login.LoginView;
import com.vaadin.flow.spring.security.VaadinWebSecurity;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {

@Autowired
MyCustomUserDetailsService testService;

protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(testService);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    
    http
    .httpBasic()
    .and()
    .authorizeHttpRequests()
    .requestMatchers("/login").permitAll()

// .anyRequest().permitAll()
.and()
.formLogin()
.loginPage(“/login”)
.defaultSuccessUrl(“/simulator-main-view”, true)
.permitAll();

// http
// .httpBasic()
// .and()
// .authorizeHttpRequests()
// .requestMatchers(“/login”).permitAll();

    super.configure(http);

    setLoginView(http, LoginView.class); 
}

@Override
public void configure(WebSecurity web) throws Exception {
    // Customize your WebSecurity configuration.
    super.configure(web);
}

}

I had this issue some time ago, the issue resolved when I added the static resources as a permit all
E.g. /icons/**

I guess the problem is caused by the browser making the first request to the favicon and spring redirects to the secured url when successful login

I tried. your suggestionBut it did not work…

in Vaadin 24, these icon are created at run time and returned as a components. So they are not stores in the icons folder.

fixed the problem, partially. thanks to your suggestion. they are stored in /line-awesome/** folder.

But the redirect to a particular/selected page(URL) still does not work.

this is the updated class

@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {

@Autowired
MyCustomUserDetailsService testService;

protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(testService);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    
    http
    .httpBasic()
    .and()
    .authorizeHttpRequests()
    .requestMatchers("/login", "/images/**", "/icons/**", "/line-awesome/**").permitAll()

// .anyRequest().permitAll()
.and()
.formLogin()
.loginPage(“/login”)
.defaultSuccessUrl(“/simulator-main-view”, true)
.permitAll();

    super.configure(http);

    setLoginView(http, LoginView.class); 
}

@Override
public void configure(WebSecurity web) throws Exception {
    // Customize your WebSecurity configuration.
    super.configure(web);
}

}

Just to confirm, the above class does not redirect to the target URL, after a successful login.