Vaadin takes forever to load with VAADIN 24.8.3 + Spring Boot 3.5.3 + Security

I’m new to Vaadin and using version 24.8.3 mit Spring Boot 3.5.3. When I try to access “https://localhost:8443,” Vaadin takes forever to load (the progress bar at the top of the browser window keeps restarting).

I appreciate any help. I just can’t get any further.

Here now my code:

Vaadin MainView

import com.vaadin.flow.component.button.Button;
import com.vaadin.flow.component.notification.Notification;
import com.vaadin.flow.component.orderedlayout.VerticalLayout;
import com.vaadin.flow.server.auth.AnonymousAllowed;
import com.vaadin.flow.router.Route;
import jakarta.annotation.security.PermitAll;

@Route("")
@PermitAll
@AnonymousAllowed
public class MainView extends VerticalLayout {

    public MainView() {
        Button button = new Button("Click me", event -> 
            Notification.show("Hello, World!")
        );
        add(button);
    }
}

My SecurityConfig

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import com.github.sm_a.bewmgm_server_spring.spring_sec.zitadel.ZitadelGrantedAuthoritiesMapper;
import com.vaadin.flow.spring.security.VaadinWebSecurity;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends VaadinWebSecurity {
    @Autowired
    private ClientRegistrationRepository clientRegistrationRepository;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/stripe_static/**",
                "/stripepay/**",
                "/").permitAll()
                .requestMatchers("/api/**", "/graphql").authenticated()
            )
            .oauth2Login(oauth2Login -> oauth2Login
                .userInfoEndpoint(userInfo -> userInfo.userAuthoritiesMapper(this.userAuthoritiesMapper())))
            .logout(logout -> logout.logoutSuccessHandler(this.oidcLogoutSuccessHandler()));

        // Call Vaadin's configuration last
        super. Configure(http);

        // Optional: set a custom login view for Vaadin
        //setLoginView(http, "/login");
    }

    private GrantedAuthoritiesMapper userAuthoritiesMapper() {
        return new ZitadelGrantedAuthoritiesMapper();
    }

    private LogoutSuccessHandler oidcLogoutSuccessHandler() {
        OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler =
            new OidcClientInitiatedLogoutSuccessHandler(this.clientRegistrationRepository);
        oidcLogoutSuccessHandler.setPostLogoutRedirectUri("{baseUrl}");
        return oidcLogoutSuccessHandler;
    }
}

really hard to say with so little information. Did you check with the Developer Tool in your browser? Especially the network tab which request(s) took so long?

I have made a screenshot from my Google Chrome Network tab I hope you find the error:

Vaadin Google Chrome Network sorted by time1920×1080 244 KB

Only thing that comes to mind: you were talking about https and port 8443 - your screenshot is showing http and 8080

Yes, that’s correct. I first tried a TLS certificate in Spring Boot 3.5 on port 8443. Then I tried without a TLS certificate on port 8080, but without success.

Is this problem only on your local computer and not on a real server? Might be a problem with your Antivirus software or other slowing things…

Tomorrow I’ll try installing the project on my web server. We’ll see if it works. I only have ClamAV as my virus scanner on my Linux and macOS (Bitdefender virus scanner) system (the same behavior on both), and it’s configured to only warn without taking action.

How do you run the application?

I run the application with the following command:
./gradlew clean bootRun

It would be great if you could share the project or create a simple example where this happens.

I will create a sample project tomorrow.