VaadinWebSecurity breaking navigation?

I just decided to upgrade Vaadin 23 to a newer version and swap VaadinWebSecurityConfigurerAdapter to the newer class VaadinWebSecurity

This is the config class setup, it was working before changing it.


@EnableWebSecurity
@Configuration
public class AdminSecurityConfig extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf()
            .and()
            .authorizeRequests()
            .antMatchers("/").anonymous()
            .antMatchers("/b2c-groups/**").permitAll()
            .antMatchers("/add-course", "/courses/*", "/upload-course", "/bookings").permitAll()
            .and()
            .oauth2Login()
            .and()
            .logout();

        super.configure(http);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
        web.ignoring().antMatchers("/images/*.png");
        web.ignoring().antMatchers("/");
    }

There is no errors being logged, but when starting in Dev mode the Index page and other pages are broken (see attached screenshot)

Reverting back to the old parent class (VaadinWebSecurityConfigurerAdapter) it works again.

Is there something different I need to do?
image.png

So you are navigating to http://localhost:8080 and do you have @AnonymousAllowed on that Route?

Yea localhost:8080 and no annotation, have been doing it through AntMatchers before, will try adding it now

Ok interesting, index is working but when trying to navigate to any other page it is still broken. I will try adding annotations there

antMatchers is deprecated you should use

http.authorizeRequests().requestMatchers(new AntPathRequestMatcher("/images/*.png")).permitAll();