I am working on a spring boot Webapp with Vaadin 14 with JDK 11. I am using the stadard login form. And i have a custom request cache. I did not change anything at the code of the webapp or its dependencies or the java version.
The error that i get seems to come from the mechanic of sending unauthorized users to the login page.
But with the new version this does not work anymore. I hope somebody has this issue as well. I dont know why this behaviour is now happening.
At the start the user opens the browser with https://localhost:8101/application and the system recognizes that he is not authenticated yet and sends him to the login view. But before entering anything. The system adds a request to /error and overwrites the inital /application target. So after entering valid credentials, the user will see this error page: timestamp "2023-11-21T16:39:00.602+00:00" status 999 error "None"
After googling about this strange error i found this, but i am not using Keycloak at all: https://github.com/vaadin/collaboration-engine/issues/41 But the error seems to be the same.
Here is a part of my log file:
c.m.w.s.CustomRequestCache | saveRequest | 75 | Saved request https://localhost:8101/application to session
.s.s.w.DefaultRedirectStrategy | sendRedirect | 57 | Redirecting to https://localhost:8101/login
ssionSecurityContextRepository | saveContext | 357 | Did not store empty SecurityContext
ssionSecurityContextRepository | saveContext | 357 | Did not store empty SecurityContext
curityContextPersistenceFilter | doFilter | 120 | Cleared SecurityContextHolder to complete request
o.s.s.w.FilterChainProxy | doFilterInternal | 218 | Securing GET /login
.w.a.c.ChannelProcessingFilter | doFilter | 127 | Request: filter invocation [GET /login]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
curityContextPersistenceFilter | doFilter | 104 | Set SecurityContextHolder to empty SecurityContext
.AnonymousAuthenticationFilter | doFilter | 100 | Set SecurityContextHolder to anonymous SecurityContext
.a.i.FilterSecurityInterceptor | beforeInvocation | 210 | Authorized filter invocation [GET /login] with attributes [permitAll]
o.s.s.w.FilterChainProxy | doFilter | 333 | Secured GET /login
DefaultDeploymentConfiguration | logMessages | 154 | Vaadin is running in production mode.
c.v.f.s.c.PushRequestHandler | <init> | 102 | Using pre-initialized Atmosphere for servlet springServlet
c.v.f.s.SpringInstantiator | getI18NProvider | 81 | The number of beans implementing 'I18NProvider' is 0. Cannot use Spring beans for I18N, falling back to the default behavior
c.v.f.s.c.UidlWriter | createUidl | 164 | * Creating response to client
c.v.f.s.BootstrapHandler | getInitialUidl | 797 | Initial UIDL: [object Object]
ssionSecurityContextRepository | saveContext | 360 | Did not store anonymous SecurityContext
ssionSecurityContextRepository | saveContext | 360 | Did not store anonymous SecurityContext
curityContextPersistenceFilter | doFilter | 120 | Cleared SecurityContextHolder to complete request
o.s.s.w.FilterChainProxy | doFilterInternal | 218 | Securing GET /error
.w.a.c.ChannelProcessingFilter | doFilter | 127 | Request: filter invocation [GET /error]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
curityContextPersistenceFilter | doFilter | 104 | Set SecurityContextHolder to empty SecurityContext
.AnonymousAuthenticationFilter | doFilter | 100 | Set SecurityContextHolder to anonymous SecurityContext
.a.i.FilterSecurityInterceptor | attemptAuthorization | 247 | Failed to authorize filter invocation [GET /error] with attributes [authenticated]
c.m.w.s.CustomRequestCache | saveRequest | 75 | Saved request https://localhost:8101/error to session
.s.s.w.DefaultRedirectStrategy | sendRedirect | 57 | Redirecting to https://localhost:8101/login
I solved it by not allowing request with the word error to enter the cache:
I did not find the source of this, but i fought the symptoms of it.