Unexpected redirect after login with JAAS and Vaadin Push

I am using Vaadin Push in one of my apps that relies on JAAS login. The situation seems to be clashing with two frames.

I configured security restrictions like this:

<!-- This is the exclusion I talk about below -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>ecomsupportform</web-resource-name>
        <url-pattern>/app/PUSH</url-pattern>
    </web-resource-collection>
</security-constraint>
<!-- This is the exclusion I talk about below -->

<security-constraint>
    <web-resource-collection>
        <web-resource-name>ecomsupportform</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name> 
    </auth-constraint>
</security-constraint>

<security-role>
    <description>any</description>
    <role-name>*</role-name>
</security-role>

      

When I refresh the page after the session ends, the login page appears. But then Vaadin seems to want to close the Push session by sending a request to the server via Atmosphere, which JBoss notices and prevents because I am not logged in yet. While I don't know what happened to the Push-Session, when I know the login is in, JBoss redirects me to the .../PUSH-URL that Vaadin posted earlier. A blank screen will appear.

I tried, perhaps, to prevent JBoss from catching the PUSH-Request by excluding it from authentication. Now, when Vaadin sends its request, the browser shows 500 in the network tab (instead of 401 HTTP Response Code) and the same thing happens when I log in.

I've also tried setting Push to MANUAL or using many different transport mechanisms.

PS: In case it helps. When I go to the login page and reload it before login, everything works fine.

Is there a way to prevent JBoss from being redirected after login? Or can I fix it differently?

+3
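
Added example, not part of the original question and not the asker's or Vaadin's code: a small audit of the descriptor above that lists which URL patterns the container serves without authentication. Under the Servlet specification a `<security-constraint>` with no `<auth-constraint>` requires no login, so the `/app/PUSH` exclusion is reachable by anonymous clients. The `<web-app>` wrapper and the function names `audit_constraints` and `unauthenticated_patterns` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's two constraints inside an assumed <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ecomsupportform</web-resource-name>
      <url-pattern>/app/PUSH</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ecomsupportform</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop an XML namespace prefix such as '{http://...}url-pattern'."""
    return tag.rsplit("}", 1)[-1]

def audit_constraints(xml_text):
    """Return (url_pattern, access) pairs; <http-method> limits are not evaluated."""
    findings = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        patterns = [e.text.strip() for e in sc.iter() if local(e.tag) == "url-pattern" and e.text]
        auth = [e for e in sc if local(e.tag) == "auth-constraint"]
        if not auth:
            access = "open"  # no auth-constraint: no authentication required
        else:
            roles = [e.text.strip() for e in auth[0] if local(e.tag) == "role-name" and e.text]
            access = "roles:" + ",".join(roles) if roles else "deny-all"  # empty = nobody
        findings.extend((p, access) for p in patterns)
    return findings

def unauthenticated_patterns(xml_text):
    """URL patterns that anonymous clients can reach."""
    return [p for p, access in audit_constraints(xml_text) if access == "open"]

if __name__ == "__main__":
    for pattern, access in audit_constraints(SAMPLE_WEB_XML):
        print(f"{pattern:12} {access}")
```

Any pattern reported as `open` should be reviewed to confirm the endpoint behind it enforces its own session check.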

