I tried excluding Hilla but it still doesn’t work.
In the post, I noticed that the security configuration is also mentioned. I’m not sure if they mean that they were able to run the application but occasionally see the error. I’m also not sure whether the “Lookup instance is not found in VaadinContext” error could be caused by not having the correct security configuration setup.
When I was using vaadin 14, the old configuration look like this:
@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
...
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(aCustomAuthenticationProvider());
auth.authenticationProvider(bCustomAuthenticationProvider());
auth.authenticationProvider(cCustomAuthenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// Not using Spring CSRF here to be able to use plain HTML for the login page
http.csrf().disable().authorizeRequests()
// Allow all flow internal requests.
.requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
// Allow all requests by logged in users.
.anyRequest().hasAnyAuthority(xSecurityService.ROLE_USER)
//Configure the login page
.and().formLogin().loginPage(LOGIN_URL).permitAll()
.loginProcessingUrl(LOGIN_PROCESSING_URL)
.failureUrl(LOGIN_FAILURE_URL)
// Register the success handler that redirects users to the page they last tried
// to access
.successHandler(new SavedRequestAwareAuthenticationSuccessHandler())
// Configure logout
.and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
}
/**
* Allows access to static resources, bypassing Spring security.
*/
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers(
// client-side JS code
"/VAADIN/**",
// the standard favicon URI
"/favicon.ico",
// the robots exclusion standard
"/robots.txt",
// web application manifest
"/manifest.webmanifest",
"/sw.js",
"/offline.html",
// icons and images
"/icons/**",
"/images/**",
// (development mode) H2 debugging console
"/h2-console/**"
);
}
Now, my configuration class looks like this:
@EnableWebSecurity
@Configuration
@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfiguration {
@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(Arrays.asList(
aCustomAuthenticationProvider(),
bCustomAuthenticationProvider(),
cCustomAuthenticationProvider()
));
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { //
http.rememberMe(customizer -> customizer.alwaysRemember(false));
http.authorizeHttpRequests(auth -> auth
.requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
.requestMatchers("/admin-only/**").hasRole("admin")
.requestMatchers("/public/**").permitAll()
.anyRequest().hasAnyAuthority(xSecurityService.ROLE_USER)
);
http.with(com.vaadin.flow.spring.security.VaadinSecurityConfigurer.vaadin(), configurer -> {
configurer.loginView((Class<? extends Component>) LoginView.class);
});
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return web -> web.ignoring().requestMatchers(
"/VAADIN/**",
"/favicon.ico",
"/robots.txt",
"/manifest.webmanifest",
"/sw.js",
"/offline.html",
"/icons/**",
"/images/**",
"/h2-console/**"
);
}