Vaadin flow 23. Adding a second servlet

Hi, I’m trying to add a second servlet to a vaadin spring boot application download from

I downloaded the project from, modified the file by adding the line “vaadin.urlMapping=/ui/*” and adding a servlet 3.0 by “@WebServlet(urlPatterns = “/upload”, name = “UploadServlet”, asyncSupported = true)”

When I make requests to the upload servlet, they are always caught by the Vaadin SecurityConfiguration and redirected to the login page.
How can I exclude these invocations from the VaadinWebSecurity context?

Vaadin Flow 23.2.0, Java 17

Just wondering: is that your first spring boot application? You normally don’t need to create web servlets for something like a RestEndpoint. Further, those could be excluded / secured differently based on another SecurityFilterChain bean with a higher filter

You are correct, I am trying to migrate my old application in VAADIN 8 to Vaadin 23. That is why I need a servler to serve the requests of old clients that are not going to be migrated at the moment.