Vaadin 23.2 Upgrade Custom WebSocket Not Working

I upgraded my project to Vaadin 23.2 and also updated the the Security Configuration to the new VaadinWebSecurity. I did not change anything in the config.

Since then my custom WebSocket is returning the following when connecting (and therefore not working anymore):


This seems like some Vaadin related response. Maybe Vaadin is overwriting my custom socket configuration.


public class WebsocketConfig implements WebSocketConfigurer {

    private final WebsocketHandler websocketHandler;

    public void registerWebSocketHandlers(WebSocketHandlerRegistry registry) {
                .addHandler(websocketHandler, SecurityConfiguration.WEBSOCKET)
                .addInterceptors(new HandshakeInterceptor() {

Vaadin doesn’t overwrite it, but it’s highly possible that you have to change something because of the Spring Security change to SecurityFilterChain. Looks like Ordering could be a problem here.

My http configure looks smth like this. I am not sure what to change.

    protected void configure(HttpSecurity http) throws Exception {



        setLoginView(http, LoginView.class, "/login");


You can create your own SecurityFilterChain with an higher order

But then I cannot use VaadinWebSecurity, which means I have to copy the logic of this class which is also not working since it is using internal functions.

That’s not true - Vaadin’s new VaadinWebSecurity is based on SecurityFilterChain as well and therefore multiple SecurityFilterChain can be registered and used in conjunction.

I am not able to figure out how to get it running.
I created a simple sample application here.

If anyone has an idea how to correctly register the custom WebSocket Handler in another SecurityFilterChain let me know.

Update for anyone else looking:
This is a bug, workaround available: