I've implemented a sample Spring Boot application with vaadin-flow. I implemented in-memory authorization with two roles (User, Admin). When logging in for the first time, the system asks for the credentials as expected. I requested the "/my/logout" URL to log out. After that, I can still access restricted content without providing the user credentials (the user login is not prompted). The following is my web security config:

http.csrf().disable().
            authorizeRequests()
            .anyRequest().authenticated()
            .antMatchers("/VAADIN/**", "/PUSH/**", "/UIDL/**", "/login", "/login/**", "/error/**", "/accessDenied/**", "/vaadinServlet/**").permitAll()
            .and().httpBasic()
            .and().logout().logoutUrl("/my/logout")
            .permitAll();
user3717646
  • Is your setup actually handling a logout for basic auth? See https://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication – cfrick Nov 09 '18 at 08:55
  • @cfrick I think yes, I tried the login page mentioned in https://stackoverflow.com/questions/35912404/spring-boot-security-with-vaadin-login but it won't show any content inside the login page – user3717646 Nov 09 '18 at 09:21
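
Added example, not part of the original question or its comments: with `httpBasic()` the browser keeps the credentials and resends them in the `Authorization` header on every request, so invalidating the session at "/my/logout" does not end the login. The configuration below swaps in session-based form login so that logout takes effect; it assumes Spring Security 5's `WebSecurityConfigurerAdapter` and Spring's default generated login page, and the class name is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; the in-memory users from the question are configured elsewhere.
@Configuration
@EnableWebSecurity
public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable() // kept from the question
            .authorizeRequests()
                // Rules are evaluated in declaration order, so the public
                // paths must be listed before the catch-all anyRequest().
                .antMatchers("/VAADIN/**", "/PUSH/**", "/UIDL/**", "/login", "/login/**",
                             "/error/**", "/accessDenied/**", "/vaadinServlet/**").permitAll()
                .anyRequest().authenticated()
            .and()
            // Form login ties authentication to the HTTP session only: the
            // browser sends a session cookie, not the password, on each request.
            // No loginPage(...) is set, so Spring's generated page is used (assumption).
            .formLogin().permitAll()
            .and()
            .logout()
                .logoutUrl("/my/logout")
                // Drop the server-side session and tell the browser to discard
                // its cookie, so the next request is unauthenticated.
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .permitAll();
    }
}
```

If `httpBasic()` has to stay, the server cannot make the browser forget cached credentials; the question linked in the first comment covers that case.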

0 Answers