Spring app with Security

Flow
1

Hi guys,
I am working on a Vaadin Spring project. I have implemented Spring Security like in the Bakery App, but i always get an error in my browser on logout:

Refused to execute script from ‘http://localhost:8181/login’ because its MIME type (‘text/html’) is not executable, and strict MIME type checking is enabled.

LoginView

@Route
@PageTitle("Login")
@Viewport("width=device-width, minimum-scale=1, initial-scale=1, user-scalable=yes, viewport-fit=cover")
public class LoginView extends LoginOverlay implements AfterNavigationObserver, BeforeEnterObserver {

    public LoginView(){
        LoginI18n i18n = LoginI18n.createDefault();
        i18n.setHeader(new LoginI18n.Header());
        i18n.getHeader().setTitle("Some title");
        i18n.setAdditionalInformation(null);
        i18n.setForm(new LoginI18n.Form());
        i18n.getForm().setSubmit("Sign in");
        i18n.getForm().setTitle("Sign in");
        i18n.getForm().setUsername("Email");
        i18n.getForm().setPassword("Password");
        setI18n(i18n);
        setForgotPasswordButtonVisible(false);
        setAction("login");
    }

    @Override
    public void afterNavigation(AfterNavigationEvent afterNavigationEvent) {
        setError(afterNavigationEvent.getLocation().getQueryParameters().getParameters().containsKey("error"));
    }

    @Override
    public void beforeEnter(BeforeEnterEvent beforeEnterEvent) {
        if (SecurityUtils.isUserLoggedIn()) {
            beforeEnterEvent.forwardTo(CalendarView.class);
        } else {
            setOpened(true);
        }
    }

I have a MainView extending Applayout and a Calendar view which is in the menu.

CalendarView

@Route(value = "calendar", layout = MainView.class)
@RouteAlias(value = "", layout = MainView.class)
@PageTitle("Calendar")
public class CalendarView extends SplitLayout {

}

SecurityConfiguration

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .requestCache().requestCache(new CustomRequestCache())
                .and()

                .authorizeRequests()
                .requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()

                .antMatchers("/api/**").permitAll()

                .anyRequest().authenticated()

                .and()

                .formLogin().loginPage("/login").permitAll()
                .loginProcessingUrl("/login")
//                .successForwardUrl("/calendar")
                .failureUrl("/login?error").permitAll()

                .and().logout().logoutSuccessUrl("/calendar");
    }

I have added screenshots of login and logout browser debugging.

2

Vladislav Marinov:
Hi guys,
I am working on a Vaadin Spring project. I have implemented Spring Security like in the Bakery App, but i always get an error in my browser on logout:

Refused to execute script from ‘http://localhost:8181/login’ because its MIME type (‘text/html’) is not executable, and strict MIME type checking is enabled.

LoginView

@Route
@PageTitle("Login")
@Viewport("width=device-width, minimum-scale=1, initial-scale=1, user-scalable=yes, viewport-fit=cover")
public class LoginView extends LoginOverlay implements AfterNavigationObserver, BeforeEnterObserver {

    public LoginView(){
        LoginI18n i18n = LoginI18n.createDefault();
        i18n.setHeader(new LoginI18n.Header());
        i18n.getHeader().setTitle("Some title");
        i18n.setAdditionalInformation(null);
        i18n.setForm(new LoginI18n.Form());
        i18n.getForm().setSubmit("Sign in");
        i18n.getForm().setTitle("Sign in");
        i18n.getForm().setUsername("Email");
        i18n.getForm().setPassword("Password");
        setI18n(i18n);
        setForgotPasswordButtonVisible(false);
        setAction("login");
    }

    @Override
    public void afterNavigation(AfterNavigationEvent afterNavigationEvent) {
        setError(afterNavigationEvent.getLocation().getQueryParameters().getParameters().containsKey("error"));
    }

    @Override
    public void beforeEnter(BeforeEnterEvent beforeEnterEvent) {
        if (SecurityUtils.isUserLoggedIn()) {
            beforeEnterEvent.forwardTo(CalendarView.class);
        } else {
            setOpened(true);
        }
    }

I have a MainView extending Applayout and a Calendar view which is in the menu.

CalendarView

@Route(value = "calendar", layout = MainView.class)
@RouteAlias(value = "", layout = MainView.class)
@PageTitle("Calendar")
public class CalendarView extends SplitLayout {

}

SecurityConfiguration

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .requestCache().requestCache(new CustomRequestCache())
                .and()

                .authorizeRequests()
                .requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()

                .antMatchers("/api/**").permitAll()

                .anyRequest().authenticated()

                .and()

                .formLogin().loginPage("/login").permitAll()
                .loginProcessingUrl("/login")
//                .successForwardUrl("/calendar")
                .failureUrl("/login?error").permitAll()

                .and().logout().logoutSuccessUrl("/calendar");
    }

I have added screenshots of login and logout browser debugging.

17873185.png
17873188.png