Server-side access control is not updated when a new view is added

[Legioth]

Describe the bug

In an application with access control (from start.vaadin.com), the server-side access control rules are not applied immediately when a new view is added. This leads to being redirected to /login if you try to navigate to a recently added public view if you are not logged in. The view can be accessed without being logged in after restarting the server.

Expected-behavior

Expected that the server-side access control settings are updated immediately when a new view is added.

Reproduction

1. Create an application on start.vaadin.com with access control for a /foo view and no access control for a/bar view.
2. Launch in dev mode
3. Copy views/bar.tsx into views/baz.tsx
4. Navigate to the new view from the new menu entry
5. Reload the page and observe that you're redirected to the login page.
6. Restart the server
7. Repeat steps 4 and 5 and observe that the view is still rendered after the reload

System Info

Vaadin 24.5.2

[platosha]

Probably worked in 24.4 by triggering a redeploy.

[platosha]

The key is getting RouteUtil.isRouteAllowed() behavior right.

[platosha]

An easy solution could be reading the json every time in dev mode.