Hello,
I am experimenting with Vaadin 8 with Spring Boot and would like to add Spring Security to implement a simple form based login. As soon as I add my WebSecurityConfig, I only receive 404 errors. What am I missing here? When I remove the annotations from the WebSecurityConfig, the form is shown, as soon as I activate it, I receive a 404 error for the login page.
This is my main:
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
}
This is the login page:
@SpringView(name = LoginView.VIEW_NAME)
public class LoginView extends CustomComponent implements View {
public static final String VIEW_NAME = "login";
TextField email = new TextField("email");
TextField password = new TextField("password");
Button login = new Button("Login");
@Autowired
public LoginView() {
Panel loginPanel = new Panel("Login");
// Create a layout inside the panel
final FormLayout loginLayout = new FormLayout();
// Add some components inside the layout
loginLayout.addComponent(email);
loginLayout.addComponent(password);
loginLayout.addComponent(login);
loginLayout.addComponent(login);
loginPanel.setContent(loginLayout);
setCompositionRoot(loginPanel);
}
}
This is the UI
@Theme("valo")
@SpringUI
@SpringViewDisplay
public class VaadinUI extends UI {
private Navigator navigator;
@Override
protected void init(VaadinRequest request) {
VerticalLayout mainLayout = new VerticalLayout();
LoginView loginView = new LoginView(repo);
mainLayout.addComponent(loginView);
mainLayout.setSizeFull();
mainLayout.setComponentAlignment(loginView, Alignment.MIDDLE_CENTER);
setContent(mainLayout);
}
}
And finally, this is the Configuration
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
.and()
.logout().permitAll()
.and()
.csrf().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/resources/**", "/VAADIN/**");
}
}
I would expect this to redirect any non-authenticated user to the login page. But I only end up at the blank error page.
Any ideas?