Description of the bug
The method:
loginView(Class<? extends Component> loginView, String logoutSuccessUrl)
and its JavaDoc describe the second parameter as a logout success redirect URL.
However, in practice the provided URL appears to be used as the redirect target after successful login/authentication rather than after logout.
Example:
config.loginView(LoginView.class, "/dashboard");
Observed behavior:
After successful login, the user is redirected to /dashboard.
Expected behavior
Based on the parameter name and JavaDoc, the URL should be used after logout instead.
This makes the API behavior confusing because:
the method is named loginView(...)
the parameter is named logoutSuccessUrl
runtime behavior appears to affect login success redirect handling
Expected behavior
Either:
the parameter/Javadoc should be renamed/clarified to reflect login success redirect behavior,
or
the implementation should apply the URL only after logout as documented.
Minimal reproducible example
http.with(VaadinSecurityConfigurer.vaadin(), config -> {
config.loginView(LoginView.class, "/dashboard");
});
After authenticating successfully, the application redirects to /dashboard.
Versions
- Vaadin / Flow version: 25.1.5
- Java version:25
- OS version: Ubuntu
- Browser version (if applicable): Chrome
- Application Server (if applicable): N/A
- IDE (if applicable): Intellij
Description of the bug
The method:
loginView(Class<? extends Component> loginView, String logoutSuccessUrl)
and its JavaDoc describe the second parameter as a logout success redirect URL.
However, in practice the provided URL appears to be used as the redirect target after successful login/authentication rather than after logout.
Example:
config.loginView(LoginView.class, "/dashboard");
Observed behavior:
After successful login, the user is redirected to /dashboard.
Expected behavior
Based on the parameter name and JavaDoc, the URL should be used after logout instead.
This makes the API behavior confusing because:
the method is named loginView(...)
the parameter is named logoutSuccessUrl
runtime behavior appears to affect login success redirect handling
Expected behavior
Either:
the parameter/Javadoc should be renamed/clarified to reflect login success redirect behavior,
or
the implementation should apply the URL only after logout as documented.
Minimal reproducible example
http.with(VaadinSecurityConfigurer.vaadin(), config -> {
config.loginView(LoginView.class, "/dashboard");
});
After authenticating successfully, the application redirects to /dashboard.
Versions