diff --git a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java
index addbb55f10a..1ab258573d7 100644
--- a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java
+++ b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java
@@ -15,10 +15,6 @@
 */
 package com.vaadin.flow.spring.security;
-import javax.crypto.SecretKey;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.LinkedHashMap;
 import java.util.Objects;
@@ -26,11 +22,15 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
+import javax.crypto.SecretKey;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
@@ -39,7 +39,6 @@
 import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.access.AccessDeniedHandlerImpl;
@@ -231,12 +230,6 @@ public static RequestMatcher getDefaultHttpSecurityPermitMatcher(
 .map(path -> RequestUtil.applyUrlMapping(urlMapping, path))
 .forEach(paths::add);
- String mappedRoot = RequestUtil.applyUrlMapping(urlMapping, "");
- if (!"/".equals(mappedRoot)) {
- // When using an url path, static resources are still fetched from
- // /VAADIN/ in the context root
- paths.add("/VAADIN/**");
- }
 return new OrRequestMatcher(paths.build()
 .map(AntPathRequestMatcher::new).collect(Collectors.toList()));
 }
@@ -302,19 +295,19 @@ protected void setLoginView(HttpSecurity http, String hillaLoginViewPath)
 * the http security from {@link #filterChain(HttpSecurity)}
 * @param hillaLoginViewPath
 * the path to the login view
- * @param logoutUrl
+ * @param logoutSuccessUrl
 * the URL to redirect the user to after logging out
 * @throws Exception
 * if something goes wrong
 */
 protected void setLoginView(HttpSecurity http, String hillaLoginViewPath,
- String logoutUrl) throws Exception {
+ String logoutSuccessUrl) throws Exception {
 hillaLoginViewPath = applyUrlMapping(hillaLoginViewPath);
 FormLoginConfigurer formLogin = http.formLogin();
 formLogin.loginPage(hillaLoginViewPath).permitAll();
 formLogin.successHandler(
 getVaadinSavedRequestAwareAuthenticationSuccessHandler(http));
- http.logout().logoutSuccessUrl(logoutUrl);
+ http.logout().logoutSuccessUrl(logoutSuccessUrl);
 http.exceptionHandling().defaultAuthenticationEntryPointFor(
 new LoginUrlAuthenticationEntryPoint(hillaLoginViewPath),
 AnyRequestMatcher.INSTANCE);
@@ -343,14 +336,14 @@ protected void setLoginView(HttpSecurity http,
 * the http security from {@link #filterChain(HttpSecurity)}
 * @param flowLoginView
 * the login view to use
- * @param logoutUrl
+ * @param logoutSuccessUrl
 * the URL to redirect the user to after logging out
 *
 * @throws Exception
 * if something goes wrong
 */
 protected void setLoginView(HttpSecurity http,
- Class flowLoginView, String logoutUrl)
+ Class flowLoginView, String logoutSuccessUrl)
 throws Exception {
 Optional route = AnnotationReader.getAnnotationFor(flowLoginView,
 Route.class);
@@ -373,7 +366,7 @@ protected void setLoginView(HttpSecurity http,
 formLogin.successHandler(
 getVaadinSavedRequestAwareAuthenticationSuccessHandler(http));
 http.csrf().ignoringAntMatchers(loginPath);
- http.logout().logoutSuccessUrl(logoutUrl);
+ http.logout().logoutSuccessUrl(logoutSuccessUrl);
 http.exceptionHandling().defaultAuthenticationEntryPointFor(
 new LoginUrlAuthenticationEntryPoint(loginPath),
 AnyRequestMatcher.INSTANCE);
diff --git a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurityConfigurerAdapter.java b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurityConfigurerAdapter.java
index b23c035dfef..a94a9be9e34 100644
--- a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurityConfigurerAdapter.java
+++ b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurityConfigurerAdapter.java
@@ -15,10 +15,6 @@
 */
 package com.vaadin.flow.spring.security;
-import javax.crypto.SecretKey;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.LinkedHashMap;
 import java.util.Objects;
@@ -26,6 +22,11 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
+import javax.crypto.SecretKey;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;