I am studying Spring Security. I'm doing the authorization and authentication from a login page, but I always get an error:

"localhost redirected you too many times."

I've tried clearing my cache & cookies in the browser and still get the same error.

This is my security config

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
            .authorizeRequests(auth -> auth
                  .requestMatchers("/admin/**").hasRole("ADMIN")
                  .requestMatchers("/user/**").hasRole("USER")
                  .requestMatchers("/admin/login").permitAll()
                  .anyRequest().authenticated())
            .formLogin(login -> login
                            .loginPage("/admin/login")
                            .successHandler(new AuthenticationHandler())
                            .permitAll()
            )
            .logout(logout -> logout
                  .logoutUrl("/logout")
                  .logoutSuccessUrl("/login?logout").permitAll()
            );
    return http.build();
}

and my success handler

public class AuthenticationHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        // GET ROLE
        String role = authentication.getAuthorities().iterator().next().getAuthority();
    
        if (role.equals("ROLE_ADMIN")) {
            httpServletResponse.sendRedirect("/admin/home");
        }
        else if (role.equals("ROLE_USER")) {
            httpServletResponse.sendRedirect("/public/home");
        }
        else {
            httpServletResponse.sendRedirect("/login?error=true");
        }
    }

}

asked yesterday by Dương Nguyễn; edited 19 hours ago by ipodtouch0218
  • Do you reach the AuthenticationSuccessHandler when you attempt to log in? Which endpoint does it redirect you to when you test? – Bernie Commented yesterday

1 Answer

I think you're not hitting the USER/ADMIN role and your redirect seems incorrect. If you're having any role but USER/ADMIN, you redirect to /login (which requires the user to be authenticated) instead of /admin/login, seemingly causing an endless redirection loop.

You should probably change the login page to /login instead of /admin/login because in your code, a simple non-admin user can also log in, making /admin/login 'wrong'.
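An added example (not the asker's or the answerer's code) of the configuration the answer suggests: one shared /login page that is explicitly permitted, public rules listed before the role-restricted ones, and a fallback redirect that lands on a permitted path. It assumes Spring Security 6 (hence `authorizeHttpRequests` rather than the deprecated `authorizeRequests`) and that a controller serves GET /login; the class name `SecurityConfig` and the helper `roleBasedSuccessHandler` are hypothetical.

```java
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // One login page for admins and users (assumption: a controller serves GET /login).
    private static final String LOGIN_PAGE = "/login";

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Rules are evaluated in order and the first match wins: public paths first.
                .requestMatchers(LOGIN_PAGE).permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .requestMatchers("/user/**").hasRole("USER")
                .anyRequest().authenticated())
            .formLogin(login -> login
                .loginPage(LOGIN_PAGE)
                .successHandler(roleBasedSuccessHandler())
                .permitAll())
            .logout(logout -> logout
                .logoutUrl("/logout")
                .logoutSuccessUrl(LOGIN_PAGE + "?logout")
                .permitAll());
        return http.build();
    }

    // Checks every granted authority instead of only the first one the iterator returns.
    private AuthenticationSuccessHandler roleBasedSuccessHandler() {
        return (request, response, authentication) -> {
            Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
            String target = roles.contains("ROLE_ADMIN") ? "/admin/home"
                    : roles.contains("ROLE_USER") ? "/public/home"
                    : LOGIN_PAGE + "?error=true"; // permitted path, so no further auth redirect
            response.sendRedirect(target);
        };
    }
}
```

With browser dev tools open on the Network tab, the chain of 302 responses shows which URL keeps bouncing back to the login page; that URL is the one missing a `permitAll()` rule or a matching role.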
