mmo
Reputation: 4214
Vaadin: You are asking Spring Security to ignore... This is not recommended?
While starting up my application I see the following warning in my log:
...
2022-09-05 09:14:56,557 WARN [main] org.springframework.security.config.annotation.web.builders.WebSecurity:
You are asking Spring Security to ignore Or [Ant [pattern='/favicon.ico'], Ant [pattern='/manifest.webmanifest'], Ant [pattern='/sw.js'], Ant [pattern='/sw-runtime-resources-precache.js'], Ant [pattern='/offline.html'], Ant [pattern='/offline-stub.html'], Ant [pattern='/icons/icon.png'], Ant [pattern='/themes/**'], Ant [pattern='/icons/icon-144x144.png'], Ant [pattern='/icons/icon-192x192.png'], Ant [pattern='/icons/icon-512x512.png'], Ant [pattern='/icons/icon-16x16.png'], Ant [pattern='/icons/icon-32x32.png'], Ant [pattern='/icons/icon-96x96.png'], Ant [pattern='/icons/icon-180x180.png'], Ant [pattern='/icons/icon-2048x2732.png'], Ant [pattern='/icons/icon-2732x2048.png'], Ant [pattern='/icons/icon-1668x2388.png'], Ant [pattern='/icons/icon-2388x1668.png'], Ant [pattern='/icons/icon-1668x2224.png'], Ant [pattern='/icons/icon-2224x1668.png'], Ant [pattern='/icons/icon-1620x2160.png'], Ant [pattern='/icons/icon-2160x1620.png'], Ant [pattern='/icons/icon-1536x2048.png'], Ant [pattern='/icons/icon-2048x1536.png'], Ant [pattern='/icons/icon-1284x2778.png'], Ant [pattern='/icons/icon-2778x1284.png'], Ant [pattern='/icons/icon-1170x2532.png'], Ant [pattern='/icons/icon-2532x1170.png'], Ant [pattern='/icons/icon-1125x2436.png'], Ant [pattern='/icons/icon-2436x1125.png'], Ant [pattern='/icons/icon-1242x2688.png'], Ant [pattern='/icons/icon-2688x1242.png'], Ant [pattern='/icons/icon-828x1792.png'], Ant [pattern='/icons/icon-1792x828.png'], Ant [pattern='/icons/icon-1242x2208.png'], Ant [pattern='/icons/icon-2208x1242.png'], Ant [pattern='/icons/icon-750x1334.png'], Ant [pattern='/icons/icon-1334x750.png'], Ant [pattern='/icons/icon-640x1136.png'], Ant [pattern='/icons/icon-1136x640.png']].
This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
...
Please advise what do I need to do/add to get rid of that warning.
My SecurityConfiguration looks like so (as copied from an Example-Application):
...package and imports omitted for brevity
@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends VaadinWebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
setLoginView(http, LoginView.class);
}
@Bean
@Override
public UserDetailsService userDetailsService() {
... omitted user details handling for brevity ...
}
}
I am using Vaadin 23.1.2 and Java 17.
Upvotes: 5
Views: 6587
Answers (1)
Simon Martinelli
Reputation: 36203
You can ignore the warning.
An issue is already reported and this will be fixed soon
https://github.com/vaadin/flow/issues/13868
Upvotes: 2
Related Questions
- Spring security with vaadin combined with thymeleaf
- Vaadin and Spring Security: "/VAADIN/**" route
- Vaadin using SpringSecurity authentication
- Spring Boot Security with Vaadin Login
- How to handle access denied in Vaadin using Spring Security
- Vaadin 7 + Spring Boot Security handle Access Dined exceptions
- Vaadin 7.1 + Spring-Security Integration running in Tomcat Server
- spring security and VAADIN
- Java Config for Spring Security with Vaadin
- Integrating spring and vaadin