CODEWITHSUNDEEP
springspring-bootvaadin24
Shavqat Ibrohimov
Shavqat Ibrohimov

Reputation: 9

Spring Security Vaadin 24 not allow permitAll in configuration class but allow in on view level

package com.fractal.security;
import com.fractal.views.LoginView;
import com.fractal.views.about.AboutView;
import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurity {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests()
                .requestMatchers(new AntPathRequestMatcher("/**")).permitAll();
        super.configure(http);
        setLoginView(http, LoginView.class);

    }

    @Override
    protected void configure(WebSecurity web) throws Exception {
            web.ignoring().requestMatchers(
                 "/VAADIN/**",
                "/favicon.ico",
                "/robots.txt",
                "/manifest.webmanifest",
                "/sw.js",
                "/offline.html",
                "/icons/**",
                "/images/**",
                "/styles/**",
                "/h2-console/**");
        super.configure(web);
    }

    @Bean
    UserDetailsManager userDetailsManager(){
        return new InMemoryUserDetailsManager(
                User.withUsername("test")
                        .password("{noop}test")
                        .roles("USER")
                        .build()

        );
    }
}

When i'am trying to open any url it is not loading the view. But if I will annotate the view . with @PermitAll annotation it will work. How to solve it on configuration class level How to fix it anybody can help me on it.

Upvotes: 0

Views: 421

Answers (1)

Tatu Lund
Tatu Lund

Reputation: 10643

This is working as expected. @DenyAll is the assumed default if there is nothing specified. So you must have either @PermitAll, @AnonymousAllowed or @RolesAllowed there.

Upvotes: 1

Related Questions