From 8caddc1f592b8634f9a17bd22b94e5a12071dfdd Mon Sep 17 00:00:00 2001 From: Marco Collovati Date: Fri, 21 Jul 2023 08:12:09 +0200 Subject: [PATCH 1/2] chore(deps): bump spring.boot.version from 3.0.8 to 3.0.9 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9eed58bb6e6..7e5cc83dd79 100644 --- a/pom.xml +++ b/pom.xml @@ -84,7 +84,7 @@ false - 3.0.8 + 3.0.9 1.0.1 2.9.0 8.0.0.Final From fb6d2291ed4c0206f106a6f4fe18de2c841374e1 Mon Sep 17 00:00:00 2001 From: Marco Collovati Date: Fri, 21 Jul 2023 08:53:20 +0200 Subject: [PATCH 2/2] explicitly use ant path request matcher --- .../com/vaadin/flow/spring/security/VaadinWebSecurity.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java index 633494ca250..da9a1a0fd9d 100644 --- a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java +++ b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurity.java @@ -435,7 +435,8 @@ protected void setLoginView(HttpSecurity http, formLogin.loginPage(loginPath).permitAll(); formLogin.successHandler( getVaadinSavedRequestAwareAuthenticationSuccessHandler(http)); - http.csrf().ignoringRequestMatchers(loginPath); + http.csrf() + .ignoringRequestMatchers(new AntPathRequestMatcher(loginPath)); configureLogout(http, logoutSuccessUrl); http.exceptionHandling().defaultAuthenticationEntryPointFor( new LoginUrlAuthenticationEntryPoint(loginPath),