Vaadin - Payara - Keycloak : sw.js behind a redirect error

Hello, I am trying to use Vaadin in a legacy application, in conjunction with Keycloak.
As it is a legacy system, it’s not possible to use or upgrade to Spring / Spring Security.

It is using Java 11, with Payara as an application server. The Vaadin application is a PWA.
This is for the context.

So, I have manually done the whole oauth exchange process,using a Filter to handle detection of the token, redirects to keycloak login page if none, as well as a CallbackServlet redirecting to vaadin login page, which will authenticate the keycloak user using our legacy user authentication.

I realize it’s not an ideal system at all, but I can’t modify it for now.
The problem I encounters is the following : after keycloak whole authentication process, I use an HTTP redirection (302 Location) to get the user to our app homepage.

While doing this, there are some elements that are subjected to the redirection, the problematic one being sw.js file. And as Chrome indicated, it is disallowed to have a script behind a redirection.

I may be able to give some parts of software (excluding redacted parts of course), but even though it is not a perfect solution, is there any way to handle Keycloak authentication while keeping Payara & Vaadin ? For the redirection, we thought of having an intermediate element (like a Servlet) handling the redirection, but using a different way, without a HTTP 302, but we’re unsure if it’s the right way.

Any tips or ideas ? I realize it’s a very specific situation.

Vaadin 7 / 8 did not have @PWA and sw.js (service worker), so are you using Vaadin 14, 23 or 24 instead?

Oh, you’re indeed right. My mistake, it’s Vaadin 23.
Is there a way to move the topic to a more appropriate place if need be ? New to this forum, not sure how or where.

Hello, as of now, we have paused on the subject, as we have not yet found a suitable solution.

Is there any solution or suitable workaround (for a production environment) to handle this ?

ServiceWorkers (and all kind of strong caching) can be quite a PITA to maintain. Probably the autogenerated sw is “stealing” the redirect coming from Keycloak. You can override it (I rembember there was some hack needed previously, but don’t remember details).

Depending a bit of your case, and if modifying service worker behaviour is not your top skills, an easier solution might be to put a Vaadin app to a separate context.