Getting ERR_TOO_MANY_REDIRECTS after updating to Spring Security 5 from 3
I'm getting ERR_TOO_MANY_REDIRECTS
on my login page, after updating to Spring Security 5.1.1. Here's the xml config for the login url:
<http>
<intercept-url pattern="/login.html" access="hasRole('IS_AUTHENTICATED_ANONYMOUSLY')" />
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" requires-channel="https" />
<form-login
login-page="/login.html"
authentication-failure-url="/login.html?loginError=1"
default-target-url="/default.html"
always-use-default-target="false"
authentication-success-handler-ref="successHandler"
authentication-failure-handler-ref="failureHandler" />
<anonymous />
<logout />
</http>
spring spring-security
add a comment |
I'm getting ERR_TOO_MANY_REDIRECTS
on my login page, after updating to Spring Security 5.1.1. Here's the xml config for the login url:
<http>
<intercept-url pattern="/login.html" access="hasRole('IS_AUTHENTICATED_ANONYMOUSLY')" />
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" requires-channel="https" />
<form-login
login-page="/login.html"
authentication-failure-url="/login.html?loginError=1"
default-target-url="/default.html"
always-use-default-target="false"
authentication-success-handler-ref="successHandler"
authentication-failure-handler-ref="failureHandler" />
<anonymous />
<logout />
</http>
spring spring-security
add a comment |
I'm getting ERR_TOO_MANY_REDIRECTS
on my login page, after updating to Spring Security 5.1.1. Here's the xml config for the login url:
<http>
<intercept-url pattern="/login.html" access="hasRole('IS_AUTHENTICATED_ANONYMOUSLY')" />
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" requires-channel="https" />
<form-login
login-page="/login.html"
authentication-failure-url="/login.html?loginError=1"
default-target-url="/default.html"
always-use-default-target="false"
authentication-success-handler-ref="successHandler"
authentication-failure-handler-ref="failureHandler" />
<anonymous />
<logout />
</http>
spring spring-security
I'm getting ERR_TOO_MANY_REDIRECTS
on my login page, after updating to Spring Security 5.1.1. Here's the xml config for the login url:
<http>
<intercept-url pattern="/login.html" access="hasRole('IS_AUTHENTICATED_ANONYMOUSLY')" />
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" requires-channel="https" />
<form-login
login-page="/login.html"
authentication-failure-url="/login.html?loginError=1"
default-target-url="/default.html"
always-use-default-target="false"
authentication-success-handler-ref="successHandler"
authentication-failure-handler-ref="failureHandler" />
<anonymous />
<logout />
</http>
spring spring-security
spring spring-security
asked Nov 22 at 17:36
sys463
398
398
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
IS_AUTHENTICATED_ANONYMOUSLY
role is only assigned when you give access to the public to access some of your resources. and this is the defaults role managed by AuthenticatedVoter.
when you set access to IS_AUTHENTICATED_ANONYMOUSLY
to the login page, basically you are telling spring to check if the Authenticated person has this role, but there is no authentication when you first try to access the login page. so spring will redirect you to the login so that you get authenticated so here is endless redirections
Change your configuration to:
<intercept-url pattern="/login.html*" access="permitAll"/>
Thanks or your comment @slimane! Then, what should I use here? It worked fine on Spring 3..
– sys463
Nov 23 at 7:18
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53435946%2fgetting-err-too-many-redirects-after-updating-to-spring-security-5-from-3%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
IS_AUTHENTICATED_ANONYMOUSLY
role is only assigned when you give access to the public to access some of your resources. and this is the defaults role managed by AuthenticatedVoter.
when you set access to IS_AUTHENTICATED_ANONYMOUSLY
to the login page, basically you are telling spring to check if the Authenticated person has this role, but there is no authentication when you first try to access the login page. so spring will redirect you to the login so that you get authenticated so here is endless redirections
Change your configuration to:
<intercept-url pattern="/login.html*" access="permitAll"/>
Thanks or your comment @slimane! Then, what should I use here? It worked fine on Spring 3..
– sys463
Nov 23 at 7:18
add a comment |
IS_AUTHENTICATED_ANONYMOUSLY
role is only assigned when you give access to the public to access some of your resources. and this is the defaults role managed by AuthenticatedVoter.
when you set access to IS_AUTHENTICATED_ANONYMOUSLY
to the login page, basically you are telling spring to check if the Authenticated person has this role, but there is no authentication when you first try to access the login page. so spring will redirect you to the login so that you get authenticated so here is endless redirections
Change your configuration to:
<intercept-url pattern="/login.html*" access="permitAll"/>
Thanks or your comment @slimane! Then, what should I use here? It worked fine on Spring 3..
– sys463
Nov 23 at 7:18
add a comment |
IS_AUTHENTICATED_ANONYMOUSLY
role is only assigned when you give access to the public to access some of your resources. and this is the defaults role managed by AuthenticatedVoter.
when you set access to IS_AUTHENTICATED_ANONYMOUSLY
to the login page, basically you are telling spring to check if the Authenticated person has this role, but there is no authentication when you first try to access the login page. so spring will redirect you to the login so that you get authenticated so here is endless redirections
Change your configuration to:
<intercept-url pattern="/login.html*" access="permitAll"/>
IS_AUTHENTICATED_ANONYMOUSLY
role is only assigned when you give access to the public to access some of your resources. and this is the defaults role managed by AuthenticatedVoter.
when you set access to IS_AUTHENTICATED_ANONYMOUSLY
to the login page, basically you are telling spring to check if the Authenticated person has this role, but there is no authentication when you first try to access the login page. so spring will redirect you to the login so that you get authenticated so here is endless redirections
Change your configuration to:
<intercept-url pattern="/login.html*" access="permitAll"/>
edited Nov 23 at 10:05
answered Nov 22 at 18:17
slimane
58414
58414
Thanks or your comment @slimane! Then, what should I use here? It worked fine on Spring 3..
– sys463
Nov 23 at 7:18
add a comment |
Thanks or your comment @slimane! Then, what should I use here? It worked fine on Spring 3..
– sys463
Nov 23 at 7:18
Thanks or your comment @slimane! Then, what should I use here? It worked fine on Spring 3..
– sys463
Nov 23 at 7:18
Thanks or your comment @slimane! Then, what should I use here? It worked fine on Spring 3..
– sys463
Nov 23 at 7:18
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53435946%2fgetting-err-too-many-redirects-after-updating-to-spring-security-5-from-3%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown