vaadin / flow-crm-tutorial

Demo app for the Java Web App tutorial series
The Unlicense

Tutorial with no Login View and spring resource-server #129

Open RainerGanss opened 1 year ago

RainerGanss commented 1 year ago

Hi, I'm not sure where to put this, so here I am.

I'm developing a rather big microservice cloud application with dozens of services, two of which have a Vaadin frontend. They are obviously behind a reverse proxy (nginx) which handles the authentication (forwards to an IDP).

In the documentation (https://vaadin.com/docs/latest/security/enabling-security) it states the requirement for a login view and a log out capability. I have the latter, but no vaadin log in view.

On the other hand, I just want to configure the JWT security with Spring using a resource-server to check the provided bearer token.

Could you please provide a tutorial on how this is supposed to be configured?

I currently have this configuration, but am not sure if this is correct.

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers(ACTUATOR_HEALTH_ENDPOINT).permitAll();
        http.authorizeRequests().antMatchers(ACTUATOR_PROMETHEUS_ENDPOINT).permitAll();

        super.configure(http);

        http.cors()
                .and()
                .oauth2ResourceServer()
                .jwt();
    }

RainerGanss commented 1 year ago

126 ideally together with this one since we'll move to spring boot 3 soon.

mstahv commented 1 year ago

Hi, the current tutorial is now updated to V24 & SB 3. I also think this topic would be good to be covered, probably as a separate how-to guide instead of this introduction tutorial. We can keep this issue open here to remind about that, although it probably is going to be a separate article and separate example repository.

RainerGanss commented 1 year ago

Sounds good to me. In particular, the nginx config would be nice, since we (again) have trouble configuring it to work smoothly with Vaadin. @DManstrator maybe add our config here after we verified the fix.