I have created a vaadin flow application using 14.1.2 version and configured with Keycloak Identity Server.
The Security Configuration is like this
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
// http.authorizeRequests().and().csrf().disable();
http.httpBasic().disable();
http.formLogin().disable();
http.anonymous().disable();
http.csrf().disable();
http
.authorizeRequests()
.antMatchers("/vaadinServlet/UIDL/**").permitAll()
.antMatchers("/vaadinServlet/HEARTBEAT/**").permitAll()
.anyRequest().authenticated()
.requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll();
http
.logout()
.addLogoutHandler(keycloakLogoutHandler())
.logoutUrl("/sso/logout").permitAll()
.logoutSuccessUrl("/");
http
.addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class);
http
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint());
http
.sessionManagement()
.sessionAuthenticationStrategy(sessionAuthenticationStrategy());
}
All are working correctly until the keycloak session expires. Then I get a notification “Server connection lost, trying to reconnect” and only if I press refresh in browser I am being forwared to login page of keycloak.
Any idea how to configure properly?