Исключить URL-пути от маршрутизатора vaadin в потоке vaadin 14

Question

Исключить URL-пути от маршрутизатора vaadin в потоке vaadin 14

Я пытаюсь включить "сторонний" URL-адрес в приложение для загрузки vaadin 14 + spring, а именно URL-адрес перенаправления Spring-security для единого входа в '/oauth2/authorization/github'. Однако сервлет vaadin, кажется, перехватывает этот URL-адрес и показывает сообщение об ошибке, что маршрут неизвестен.

Не удалось перейти к 'oauth2 / authorization / github'
Причина: не удалось найти маршрут для 'oauth2 / authorization / github'

Как этого можно избежать и получить доступ к URL-адресу oauth2? Я проверил документацию vaadin, но не нашел информации о том, как исключить определенные пути из обычного механизма навигации маршрутизатора. Учебник по spring -boot oauth2 взят с официального сайта Spring https://spring.io/guides/tutorials/spring-boot-oauth2/, и были добавлены следующие зависимости:

    <dependency>
        <groupId>com.vaadin</groupId>
        <artifactId>vaadin</artifactId>
    </dependency>
    <dependency>
        <groupId>com.vaadin</groupId>
        <artifactId>vaadin-spring-boot-starter</artifactId>
    </dependency>

WebSecurityConfigurerAdapter правильно установлен, так как стандартная Spring-security показывает вышеупомянутую ссылку GitHub Auth в корне '/' страницы. Также для корневой страницы не отображается ошибка неизвестного маршрута.

Я также пробовал пример в https://vaadin.com/learn/tutorials/securing-your-app-with-spring-security/setting-up-spring-security, и он работает для обычной страницы входа, но снова не позволяет посещать oauth2 ссылка.

Требуется ли реализовать фильтр запросов, который отправляет это, или можно где-то настроить исключение?

изменить: как запрошено здесь WebSecurityAdapterConfigurer

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                // Register our CustomRequestCache, that saves unauthorized access attempts, so
                // the user is redirected after login.
                .requestCache().requestCache(new CustomRequestCache())

                // Restrict access to our application.
                .and().authorizeRequests()

                // Allow all flow internal requests.
.requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
                // Allow all requests by logged in users.
                .anyRequest().authenticated()

                // Configure the login page.
                .and().oauth2Login()
                .and().formLogin().loginPage(LOGIN_URL).permitAll().loginProcessingUrl(LOGIN_PROCESSING_URL)
                .failureUrl(LOGIN_FAILURE_URL)
                // Configure logout
                .and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(
                // Vaadin Flow static resources
                "/VAADIN/**",
                // the standard favicon URI
                "/favicon.ico",
                // the robots exclusion standard
                "/robots.txt",
                // web application manifest
                "/manifest.webmanifest",
                "/sw.js",
                "/offline-page.html",
                // icons and images
                "/icons/**",
                "/images/**",
                // (development mode) static resources
                "/frontend/**",
                // (development mode) webjars
                "/webjars/**",
                // (development mode) H2 debugging console
                "/h2-console/**",
                // (production mode) static resources
                "/frontend-es5/**", "/frontend-es6/**",
                // oauth2
                "/user/**",
                "/oauth2/**"
        );
    }

После проверки руководства, которое прокомментировал @anasmi, выяснилось, что конфигурация WebSecurity, содержащая antmatcher oauth, изначально была неправильной.

Эффект, который теперь можно наблюдать, заключается в том, что фильтр oauth2 безопасности spring перенаправляет на / login, который не отображает страницу, настроенную для маршрута vaadin, а по умолчанию со ссылкой для авторизации на github.

Вот журнал отладки, если он помогает понять, что происходит:

onTranslationFilter     : Calling Authentication entry point.
uthenticationEntryPoint : Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5be8fdbf, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]
her.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
.NegatedRequestMatcher  : matches = true
her.AndRequestMatcher   : Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@5be8fdbf, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]
TypeRequestMatcher      : httpRequestMediaTypes=[text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8]
TypeRequestMatcher      : Processing text/html
TypeRequestMatcher      : application/xhtml+xml .isCompatibleWith text/html = false
TypeRequestMatcher      : image/* .isCompatibleWith text/html = false
TypeRequestMatcher      : text/html .isCompatibleWith text/html = true
her.AndRequestMatcher   : All requestMatchers returned true
uthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@20728225
RedirectStrategy        : Redirecting to 'http://localhost:8080/login'
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
curityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/VAADIN/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/favicon.ico'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/robots.txt'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/manifest.webmanifest'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/sw.js'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/offline-page.html'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/icons/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/images/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/frontend/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/webjars/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/h2-console/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/frontend-es5/**'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/frontend-es6/**'
FilterChainProxy        : /login at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy        : /login at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
curityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
curityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fe150b5. A new one will be created.
FilterChainProxy        : /login at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
FilterChainProxy        : /login at position 4 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'POST /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'PUT /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'DELETE /logout'
tcher.OrRequestMatcher  : No matches found
FilterChainProxy        : /login at position 5 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/oauth2/authorization/{registrationId}'
FilterChainProxy        : /login at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
.AntPathRequestMatcher  : Checking match of request : '/login'; against '/login/oauth2/code/*'
FilterChainProxy        : /login at position 7 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'POST /login'
FilterChainProxy        : /login at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
curityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/VAADIN/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/favicon.ico'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/robots.txt'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/manifest.webmanifest'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/sw.js'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/offline-page.html'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/icons/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/images/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/frontend/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/webjars/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/h2-console/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/frontend-es5/**'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/frontend-es6/**'
FilterChainProxy        : /oauth2/authorization/github at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy        : /oauth2/authorization/github at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
curityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
curityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fe150b5. A new one will be created.
FilterChainProxy        : /oauth2/authorization/github at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
FilterChainProxy        : /oauth2/authorization/github at position 4 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
.AntPathRequestMatcher  : Request 'GET /oauth2/authorization/github' doesn't match 'POST /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
.AntPathRequestMatcher  : Request 'GET /oauth2/authorization/github' doesn't match 'PUT /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
.AntPathRequestMatcher  : Request 'GET /oauth2/authorization/github' doesn't match 'DELETE /logout'
tcher.OrRequestMatcher  : No matches found
FilterChainProxy        : /oauth2/authorization/github at position 5 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/oauth2/authorization/{registrationId}'
.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/github'; against '/oauth2/authorization/{registrationId}'
RedirectStrategy        : Redirecting to 'https://github.com/login/oauth/authorize?response_type=code&client_id=3a39e84cc95590698a1b&scope=read:user&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D&redirect_uri=http://localhost:8080/login/oauth2/code/github'
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
curityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/VAADIN/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/favicon.ico'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/robots.txt'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/manifest.webmanifest'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/sw.js'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/offline-page.html'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/icons/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/images/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/frontend/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/webjars/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/h2-console/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/frontend-es5/**'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/frontend-es6/**'
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
curityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
curityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fe150b5. A new one will be created.
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 4 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
.AntPathRequestMatcher  : Request 'GET /login/oauth2/code/github' doesn't match 'POST /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
.AntPathRequestMatcher  : Request 'GET /login/oauth2/code/github' doesn't match 'PUT /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
.AntPathRequestMatcher  : Request 'GET /login/oauth2/code/github' doesn't match 'DELETE /logout'
tcher.OrRequestMatcher  : No matches found
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 5 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/oauth2/authorization/{registrationId}'
FilterChainProxy        : /login/oauth2/code/github?code=c8b1870a2477fef6f032&state=yaVXu6gS7Zcwud2oT_SWsbkj-DbxxxqF46lQ%3D at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/github'; against '/login/oauth2/code/*'
ginAuthenticationFilter : Request is to process authentication
ion.ProviderManager     : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
stTemplate              : HTTP POST https://github.com/login/oauth/access_token
stTemplate              : Accept=[application/json, application/*+json]
stTemplate              : Writing [{grant_type=[authorization_code], code=[c8b1870a2477fef6f032], redirect_uri=[http://localhost:8080/login/oauth2/code/github]}] as "application/x-www-form-urlencoded;charset=UTF-8"
stTemplate              : Response 200 OK
stTemplate              : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=utf-8"
stTemplate              : HTTP GET https://api.github.com/user
stTemplate              : Accept=[application/json, application/*+json]
stTemplate              : Response 200 OK
stTemplate              : Reading to [java.util.Map<java.lang.String, java.lang.Object>]
nAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@10bebcb4
ginAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken@19bf8c7c
nticationSuccessHandler : Redirecting to DefaultSavedRequest Url: http://localhost:8080/
RedirectStrategy        : Redirecting to 'http://localhost:8080/'
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
curityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@19bf8c7c'
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/'; against '/VAADIN/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/favicon.ico'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/robots.txt'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/manifest.webmanifest'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/sw.js'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/offline-page.html'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/icons/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/images/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/frontend/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/webjars/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/h2-console/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/frontend-es5/**'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/frontend-es6/**'
FilterChainProxy        : / at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy        : / at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
curityContextRepository : Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@19bf8c7c'
FilterChainProxy        : / at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
FilterChainProxy        : / at position 4 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
.AntPathRequestMatcher  : Checking match of request : '/'; against '/logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
.AntPathRequestMatcher  : Request 'GET /' doesn't match 'PUT /logout'
tcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
.AntPathRequestMatcher  : Request 'GET /' doesn't match 'DELETE /logout'
tcher.OrRequestMatcher  : No matches found
FilterChainProxy        : / at position 5 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/oauth2/authorization/{registrationId}'
FilterChainProxy        : / at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/login/oauth2/code/*'
FilterChainProxy        : / at position 7 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /login'
FilterChainProxy        : / at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
FilterChainProxy        : / at position 9 of 15 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
.AntPathRequestMatcher  : Checking match of request : '/'; against '/logout'
FilterChainProxy        : / at position 10 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
SavedRequest            : pathInfo: both null (property equals)
SavedRequest            : queryString: both null (property equals)
SavedRequest            : requestURI: arg1=/; arg2=/ (property equals)
SavedRequest            : serverPort: arg1=8080; arg2=8080 (property equals)
SavedRequest            : requestURL: arg1=http://localhost:8080/; arg2=http://localhost:8080/ (property equals)
SavedRequest            : scheme: arg1=http; arg2=http (property equals)
SavedRequest            : serverName: arg1=localhost; arg2=localhost (property equals)
SavedRequest            : contextPath: arg1=; arg2= (property equals)
SavedRequest            : servletPath: arg1=/; arg2=/ (property equals)
FilterChainProxy        : / at position 11 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
FilterChainProxy        : / at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
FilterChainProxy        : / at position 13 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
FilterChainProxy        : / at position 14 of 15 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
FilterChainProxy        : / at position 15 of 15 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
rSecurityInterceptor    : Secure object: FilterInvocation: URL: /; Attributes: [authenticated]
.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@201c9f26, returned: 1
rSecurityInterceptor    : Authorization successful
rSecurityInterceptor    : RunAsManager did not change Authentication object
FilterChainProxy        : / reached end of additional filter chain; proceeding with original chain
ispatcherServlet        : GET "/", parameters={}
impleUrlHandlerMapping  : Mapped to org.springframework.web.servlet.mvc.ServletForwardingController@46beee3b
iters.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@169ed862
ispatcherServlet        : Completed 200 OK
onTranslationFilter     : Chain processed normally
ontextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
.AntPathRequestMatcher  : Checking match of request : '/VAADIN/build/webcomponentsjs/webcomponents-loader.js'; against '/VAADIN/**'
FilterChainProxy        : /VAADIN/build/webcomponentsjs/webcomponents-loader.js has an empty filter list
ispatcherServlet        : GET "/VAADIN/build/webcomponentsjs/webcomponents-loader.js", parameters={}
impleUrlHandlerMapping  : Mapped to org.springframework.web.servlet.mvc.ServletForwardingController@46beee3b

1

spring-security vaadin vaadin-flow spring5

Источник

user1615430 12 июн '20 в 13:47

1 ответ

Решение

Другие вопросы по тегам spring-security vaadin vaadin-flow spring5

user13526847 12 июл '20 в 00:06 2020-07-12 00:06 · Accepted Answer · 2020-07-12 00:06

Возможно, вас укусил учебник Vaadin, пример кода которого, если вы использовали его в своем приложении, в основном удалил ваши antmatchers и свойства конфигурации http из общего уравнения.

Проблема в классе ConfigureUIServiceInitListener.java

 private void beforeEnter(BeforeEnterEvent event) {
    if (!LoginView.class.equals(event.getNavigationTarget()) // 
        && !SecurityUtils.isUserLoggedIn()) { // 
        event.rerouteTo(LoginView.class); // 
    }
}

Я столкнулся с аналогичной проблемой при попытке заставить страницу регистрации работать. Все неавторизованные запросы перенаправляются на URL-адрес входа. Ничто из того, что вы сделаете, не сможет изменить это, пока вы не сделаете что-то подобное в этом методе класса, если вы последовали их совету и использовали его для защиты входа в систему Vaadin:

   private void beforeEnter(BeforeEnterEvent event) {
        if (!LoginView.class.equals(event.getNavigationTarget()) && !**RegisterView.class.equals**(event.getNavigationTarget())//
                && !SecurityUtils.isUserLoggedIn()) { //
            event.rerouteTo(LoginView.class); // 
        }
    }

Очевидно, что наши варианты использования немного отличаются. Но именно здесь вам нужно будет создать случай исключения, потому что в противном случае метод beforeEnter будет разрешать только аутентифицированным запросам доступ к внутреннему событию платформы. Все, кроме LoginView, будет перенаправлено на / login. Все ваши попытки забить Spring Security и разрешить доступ к вашему URL для пользователя, который еще не прошел аутентификацию, будут бесплодны!

Это очень раздражает в том смысле, что нужно настроить безопасность http, а затем убедиться, что в этот метод добавлены новые исключения.