Vaadin 24 种绕过 Spring Security 的资源

Question

对于 Vaadin 14，有文档明确说明应将哪些 Vaadin 资源添加到配置中以绕过 Spring Security： https: //vaadin.com/docs/v14/flow/tutorial/login-and-authentication

  /**
   * Allows access to static resources, bypassing Spring Security.
   */
  @Override
  public void configure(WebSecurity web) {
    web.ignoring().antMatchers(
        // Client-side JS
        "/VAADIN/**",

        // the standard favicon URI
        "/favicon.ico",

        // the robots exclusion standard
        "/robots.txt",

        // web application manifest
        "/manifest.webmanifest",
        "/sw.js",
        "/offline.html",

        // icons and images
        "/icons/**",
        "/images/**",
        "/styles/**",

        // (development mode) H2 debugging console
        "/h2-console/**");
  }

我无法找到 Vaadin 24 的相同信息。

这是我当前的配置：

    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);

        web.ignoring().requestMatchers(
              
                "/session-expired",
                "/images/*",
                "/login",
                "/favicon.ico",
                "/favicon-notification.ico",
                "/offline.html",
                "/offline-stub.html",
                "/sw-runtime-resources-precache.js",
                "/robots.txt");
    }

为了使 Vaadin 24 正常运行，还应该添加什么？我还需要在那里添加其他内容吗，例如：

"/VAADIN/**",
"/sw.js",

或者是其他东西？

Answer 1

您可以扩展 VaadinWebSecurity 类，为 Vaadin 应用程序设置所需的规则。

https://vaadin.com/docs/latest/security/enabling-security/#security-configuration-class

如果您由于某种原因无法扩展它，请查看代码以了解配置的内容。