Vaadin 14 + Spring Security every second time no styling

I have a strange Bug if I add spring security to my starter project.
I think this gif will show the behavior perfectly. If I am not logged in and try to access a view which don’t need any authorization, on every second refresh the view has no styling. If I am logged in and do the same on the page everything works fine. If I remove all spring security and do the same for the page, everything works fine.
The sources can be found here: https://github.com/berndklb/vaadin-bugs/tree/bug/no_styling_after_refresh
My SpringSecurity Settings:

@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

	private static final String LOGIN_PROCESSING_URL = "/login";
	private static final String LOGIN_FAILURE_URL = "/login?error";
	private static final String LOGIN_URL = "/login";
	private static final String LOGOUT_SUCCESS_URL = "/test";

	private final UserDetailsService userDetailsService;

	@Autowired
	private PasswordEncoder passwordEncoder;
	
	@Autowired
	public SecurityConfiguration(UserDetailsService userDetailsService) {
		this.userDetailsService = userDetailsService;
	}

	/**
	 * The password encoder to use when encrypting passwords.
	 */
	@Bean
	public PasswordEncoder passwordEncoder() {
		return NoOpPasswordEncoder.getInstance();
		
	}

	/**
	 * Registers our UserDetailsService and the password encoder to be used on login attempts.
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		super.configure(auth);
		auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
	}

	/**
	 * Require login to access internal pages and configure login form.
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// Not using Spring CSRF here to be able to use plain HTML for the login page
		http.csrf().disable()

				// Register our CustomRequestCache, that saves unauthorized access attempts, so
				// the user is redirected after login.
				.requestCache().requestCache(new CustomRequestCache())

				// Restrict access to our application.
				.and().authorizeRequests()
				.antMatchers("/test", "test", "/test/", "/test/**", "/logout/success").permitAll()

				
				// Allow all flow internal requests.
				.and()
                .authorizeRequests().requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
                .anyRequest().authenticated()

				// Allow all requests by logged in users.
//				.anyRequest().hasAnyAuthority(Role.getAllRoles())

				// Configure the login page.
				.and().formLogin().loginPage(LOGIN_URL).permitAll().loginProcessingUrl(LOGIN_PROCESSING_URL)
				.failureUrl(LOGIN_FAILURE_URL)

				// Register the success handler that redirects users to the page they last tried
				// to access
				.successHandler(new SavedRequestAwareAuthenticationSuccessHandler())

				// Configure logout
				.and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
	}

	/**
	 * Allows access to static resources, bypassing Spring security.
	 */
	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers(
				// Vaadin Flow static resources
				"/VAADIN/**",

				// the standard favicon URI
				"/favicon.ico",

				// the robots exclusion standard
				"/robots.txt",

				// web application manifest
				"/manifest.webmanifest",
				"/sw.js",
				"/offline-page.html",

				// icons and images
				"/icons/**",
				"/images/**",

				// (development mode) static resources
				"/frontend/**",

				// (development mode) webjars
				"/webjars/**",

				// (development mode) H2 debugging console
				"/h2-console/**",

				// (production mode) static resources
				"/frontend-es5/**", "/frontend-es6/**");
	}
}

17808506.gif

i am facing same situation. hope someone get attention to this.

It looks like that if I compile the production mode, the bug doesn’t appear.

Bernd KLB:
It looks like that if I compile the production mode, the bug doesn’t appear.

how do we compile productionMode ? … i tried “mvn clean package -PproductionMode” then spring-boot:run but doesnt change anything.
can you share the command please ?

also tried “mvn spring-boot:run -Pproduction” but console still says “Vaadin is running in DEBUG MODE.”

My settings are:
Maven profile for production build:

<profiles>
        <profile>
            <id>production-mode</id>
            <!-- Production mode can be activated with either property or profile -->
            <activation>
                <property>
                    <name>vaadin.productionMode</name>
                </property>
            </activation>

            <properties>
                <vaadin.productionMode>true</vaadin.productionMode>
            </properties>

            <dependencies>
                <dependency>
                    <groupId>com.vaadin</groupId>
                    <artifactId>flow-server-production-mode</artifactId>
                </dependency>
            </dependencies>

            <build>
                <plugins>
                    <plugin>
                        <groupId>com.vaadin</groupId>
                        <artifactId>vaadin-maven-plugin</artifactId>
                        <version>${vaadin.version}</version>
                        <executions>
                            <execution>
                                <goals>
                                	<goal>prepare-frontend</goal>
		                            <goal>build-frontend</goal>
		                        </goals>
                            </execution>
                        </executions>
                    </plugin>
                    <plugin>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-maven-plugin</artifactId>
                        <configuration>
                            <jvmArguments>-Dvaadin.productionMode</jvmArguments>
                        </configuration>
                    </plugin>
                    <plugin>
						<groupId>com.github.eirslett</groupId>
						<artifactId>frontend-maven-plugin</artifactId>
						<version>1.0</version>
						<executions>
							<execution>
								<id>install node and npm</id>
								<goals>
									<goal>install-node-and-npm</goal>
								</goals>
								<configuration>
									<nodeVersion>v10.16.0</nodeVersion>
									<npmVersion>6.9.0</npmVersion>
								</configuration>
							</execution>
						</executions>
					</plugin>
                </plugins>
            </build>
        </profile>
    </profiles>

Build artifact by:

mvn -Pproduction-mode package

Start server for example with:

java -jar -Dvaadin.productionMode target/ROOT.jar

The Root.jar is my spring boot jar file.