Vaadin 8 and Spring Boot Security leads to 404 errors

Hello,
I am experimenting with Vaadin 8 with Spring Boot and would like to add Spring Security to implement a simple form based login. As soon as I add my WebSecurityConfig, I only receive 404 errors. What am I missing here? When I remove the annotations from the WebSecurityConfig, the form is shown, as soon as I activate it, I receive a 404 error for the login page.

This is my main:

@SpringBootApplication
public class DemoApplication {

	public static void main(String[] args) {
		SpringApplication.run(DemoApplication.class, args);
	}
}

This is the login page:

@SpringView(name = LoginView.VIEW_NAME)
public class LoginView extends CustomComponent implements View {
    public static final String VIEW_NAME = "login";

    TextField email = new TextField("email");
    TextField password = new TextField("password");
    Button login = new Button("Login");

    @Autowired
    public LoginView() {
      
        Panel loginPanel = new Panel("Login");
      
        // Create a layout inside the panel
        final FormLayout loginLayout = new FormLayout();
        // Add some components inside the layout
        loginLayout.addComponent(email);
        loginLayout.addComponent(password);
        loginLayout.addComponent(login);
        loginLayout.addComponent(login);
        loginPanel.setContent(loginLayout);
        setCompositionRoot(loginPanel);
    }
}

This is the UI

@Theme("valo")
@SpringUI
@SpringViewDisplay
public class VaadinUI extends UI {
    private Navigator navigator;

@Override
    protected void init(VaadinRequest request) {

        VerticalLayout mainLayout = new VerticalLayout();

        LoginView loginView = new LoginView(repo);

        mainLayout.addComponent(loginView);

        mainLayout.setSizeFull();

        mainLayout.setComponentAlignment(loginView, Alignment.MIDDLE_CENTER);

        setContent(mainLayout);


    }
}

And finally, this is the Configuration

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login").permitAll()
                .and()
                .logout().permitAll()
                .and()
                .csrf().disable();

    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/resources/**", "/VAADIN/**");
    }
}

I would expect this to redirect any non-authenticated user to the login page. But I only end up at the blank error page.
Any ideas?