1

I recently tried to upgrade from Vaadin 20 to Vaadin 21. I followed the upgrading guide and everything seemed to start nicely without any error messages. But when I try to navigate to any route only my MainLayout is loaded and everything inside loads the not found page (for every route), no error messages in the log. Seems to me like the routes are not properly populated regardless if openly accessible or with login.

Stack:

  • Vaadin 21.0.2
  • Spring Boot 2.4.4
  • JDK 11

Header Config of Sample Page:

@CssImport("./styles/page/login.css")
@PageTitle("Login")
@Component
@RouteAlias(value = "", layout = MainLayout.class, absolute = true)
@Route(value = "login", layout = MainLayout.class, absolute = true)
@UIScope
public class LoginView {
   // ...
}

Not found page:

@ParentLayout(MainLayout.class)
@PageTitle("Notfound")
public class CustomRouteNotFoundError extends RouteNotFoundError implements BeforeEnterObserver

Is there something wrong with my route definition or did something change in the security configuration from Vaadin 20 to 21?

Anna Koskinen
  • 1,362
  • 3
  • 22
Jonas TM
  • 150
  • 1
  • 11

1 Answers1

3

Vaadin 21 blocks access to all views by default. You need to add annotations to each view specifying who should have access. @PermitAll will allow all logged-in users to access the view. See https://vaadin.com/docs/v21/flow/integrations/spring/view-based-access-control/#annotating-the-view-classes

Marcus Hellberg
  • 1,853
  • 10
  • 16
  • Thanks Marcus, I was able to solve the problem with that. However it feels a bit weired having Spring and Vaadin Site Security `@Secured(Role.USER) @RolesAllowed(Role.USER) ` btw: love your videos on the vaadin channel, keep up the good work! – Jonas TM Oct 05 '21 at 15:24
  • Unfortunately, I still have some problem - follow up question [here](https://stackoverflow.com/questions/69473505/vaadin-21-migration-to-view-based-access-control-rolesallowed-not-working). – Jonas TM Oct 06 '21 at 22:53