Forget Password View

Hello,

I’m trying to implement Forget Password functionality in my Vaadin 14 Application and I can’t get the ForgetPasswordView to open.
I routed it like any other View in my app using @Route("forgotpassword").
I try to access it: UI.getCurrent().navigate("forgotpassword");

But it just won’t show up. Should @Route contain something else also? What am I missing?

Looks ok to me based on what you shared.

You can navigate using:

UI.getCurrent().navigate(ForgetPasswordView.class);

Yes, but the String parameter should work too.

Olli Tietäväinen:
Yes, but the String parameter should work too.

Yes, exactly. I tried that too. And it works as well. I don’t know what is the problem here!

Thank you for the reply. I think it is a Spring Security issue, then. I tried something like: .antMatchers("/forgotpassword**").permitAll()

I tried
web.ignoring().antMatchers("/forgotpassword**")

The search bar shows: http://localhost:8080/forgotpassword but it won’t go to that location. Login page is present still.

Can you show your security configuration code??

@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    public static final String DUMMY_LOGIN = "admin";

    private static final String LOGIN_PROCESSING_URL = "/login";
    private static final String LOGIN_FAILURE_URL = "/login?error";
    private static final String LOGIN_URL = "/login";
    private static final String LOGOUT_SUCCESS_URL = "/login";

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private CompanyService companyService;

    @Autowired
    private DummyCurrentLogin dummyCurrentLogin;


    /**
     * Registers our UserDetailsService and the password encoder to be used on login attempts.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().antMatcher("/forgotpassword**")

                // Register our CustomRequestCache that saves unauthorized access attempts, so
                // the user is redirected after login.
                .requestCache().requestCache(new CustomRequestCache()) //

                // Restrict access to our application.
                .and().authorizeRequests()

                .antMatchers("/forgotpassword").permitAll()
                // Allow all flow internal requests.
                .requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll() //

                // Secure access to Users view.
                .antMatchers("/users/**").hasAnyAuthority(UserRole.SUPER_ADMIN.name(), UserRole.ADMIN.name())

                // Secure access to Companies view.
                .antMatchers("/companies/**").hasAuthority(UserRole.SUPER_ADMIN.name())
//                .antMatchers(
//                        "/forgotpassword**").permitAll()
                // Allow all requests by logged in users.
                .anyRequest().authenticated() //

                // Configure the login page.
                .and().formLogin().loginPage(LOGIN_URL).permitAll() //
                .loginProcessingUrl(LOGIN_PROCESSING_URL) //
                .failureUrl(LOGIN_FAILURE_URL)

                // Configure logout
                .and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
    }


    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(
                "/VAADIN/**",
                "/favicon.ico",
                "/robots.txt",
                "/manifest.webmanifest",
                "/sw.js",
                "/offline.html",
                "/icons/**",
                "/images/**",
                "/styles/**",
                "/h2-console/**");
    }

    /**
     * The password encoder to use when encrypting passwords.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
    public CurrentLogin currentLogin(UserRepository userRepository) {
        final String username = SecurityUtils.getUsername();
        if (DUMMY_LOGIN.equals(username)) {
            return dummyCurrentLogin.get();
        }
        Optional<User> optionalUser = userRepository.findByEmailIgnoreCase(username);
        if (optionalUser.isPresent()) {
            Optional<Company> optionalCompany = companyService.findById(optionalUser.get().getCompanyId());
            if (optionalCompany.isPresent()) {
                return new CurrentLoginImpl(optionalUser.get(), optionalCompany.get());
            }
        }
        return null;
    }

}

Your code looks fine and it should work. I don’t know why it’s not working. According to your code, “/forgotpassword” doesn’t need any authentication.
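
An added example, not part of the thread and not the poster's code: in Spring Security, `antMatcher(...)` called directly on `HttpSecurity` scopes the entire filter chain to that pattern, which is different from `authorizeRequests().antMatchers(...)`. The class below shows the posted rules with the public route declared only inside `authorizeRequests()`; the class name `ScopedChainExample` is hypothetical, and `CustomRequestCache`, `SecurityUtils` and `UserRole` are assumed to be the poster's own classes from the configuration above.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example. CustomRequestCache, SecurityUtils and UserRole are the poster's
// own classes from the configuration above and are assumed to be importable.
@EnableWebSecurity
@Configuration
public class ScopedChainExample extends WebSecurityConfigurerAdapter {

    private static final String LOGIN_URL = "/login";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Posted version: http.csrf().disable().antMatcher("/forgotpassword**")...
        // antMatcher(...) on HttpSecurity limits the WHOLE chain to that pattern, so
        // the /users/** and /companies/** rules below would never be consulted.
        http.csrf().disable()
                // Remember the originally requested URL for the post-login redirect.
                .requestCache().requestCache(new CustomRequestCache())
                .and().authorizeRequests()
                // Public route, declared before the catch-all rule.
                .antMatchers("/forgotpassword").permitAll()
                // Vaadin framework-internal requests must stay reachable.
                .requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
                .antMatchers("/users/**")
                    .hasAnyAuthority(UserRole.SUPER_ADMIN.name(), UserRole.ADMIN.name())
                .antMatchers("/companies/**").hasAuthority(UserRole.SUPER_ADMIN.name())
                // Everything else requires an authenticated session.
                .anyRequest().authenticated()
                .and().formLogin().loginPage(LOGIN_URL).permitAll()
                .loginProcessingUrl(LOGIN_URL)
                .failureUrl("/login?error")
                .and().logout().logoutSuccessUrl(LOGIN_URL);
    }
}
```

Spring Security only evaluates HTTP requests, and `UI.navigate(...)` inside an already loaded Vaadin UI travels as a framework-internal request. If the application also guards navigation in a Vaadin `BeforeEnterListener` (an assumption; the thread does not show one), that guard would need the same exemption for the forgot-password view.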