Open sephiroth-j opened 1 week ago
I can reproduce the issue, but only with @Push
enabled with WEBSOCKET
transport.
@sephiroth-j can you please confirm if you have the same setup?
When @Push
transport is WEBSOCKET
, all client to server request are sent through the websocket channel, and the Vaadin PushHandler
does not provide a VaadinResponse
instance to VaadinService.requestStart()
nor sets the VaadinResponse
thread local.
Hello @mcollovati, yes, I had set @Push(transport = Transport.WEBSOCKET)
. Later, however, I switched back to the standard WEBSOCKET_XHR
because there were further problems with the login page and @RolesAllowed
annotations were not recognized.
Thanks for the confirmation.
For anyone else stepping here, the current workaround is to switch the PUSH transport to WEBSOCKET_XHR
(that is the default setting)
Description of the bug
I followed the example of enabling security using Spring Security. I added a logout button and used
AuthenticationContext.logout()
as described in the example.Instead of logging out, nothing happens because a
NullPointerException
is thrown herehttps://github.com/vaadin/flow/blob/12633cdf89710bd13b7f1b70fca83f4d65773f21/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/AuthenticationContext.java#L132-L133
The example when not using
AuthenticationContext
clearly does not try to useVaadinServletResponse
because it is a)null
and b) not used by the logout handler.example without
AuthenticationContext
stacktrace
Expected behavior
Successful logout, no NPE.
Minimal reproducible example
Add a logout button and use
AuthenticationContext.logout()
as described here.Versions
Hilla: 24.4.8 Flow: 24.4.8 Vaadin: 24.4.12 Copilot: 24.4.13 Copilot IDE Plugin: false Java: Eclipse Adoptium 21.0.3 Java Hotswap: false Frontend Hotswap: Disabled, using pre-built bundle OS: amd64 Windows 11 10.0 Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0 Spring Boot: 3.3.4 Spring Framework: 6.1.13 Spring Security: 6.3.3