ERR_TOO_MANY_REDIRECTS Spring Security

When using a custom login page I am getting this error. Please let me know where I am going wrong.

Controller:

<!-- language: java -->    
    @GetMapping("/login")
    public String login(ModelMap model) {
        List<String> authType = ldapAuthConfigService.getEnabledAuthentications();
        model.addAttribute("authList", authType);
        return "home";
    }

Security config:

    @EnableWebSecurity
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable().authorizeRequests().antMatchers("/**").authenticated().and().formLogin()
                    .loginPage("/login").permitAll()
                    .defaultSuccessUrl("/layout", true).and()
                    .logout().clearAuthentication(true).invalidateHttpSession(true)
                    .logoutRequestMatcher(new AntPathRequestMatcher(
                            "/logout"))
                    .logoutSuccessUrl(
                            "/login?logout")
                    .permitAll().and().authenticationProvider(
                            customeAuthenticationProvider());
            http.headers().disable();
            if (protocol != null && protocol.equalsIgnoreCase("http")) {
                http.requiresChannel().anyRequest().requiresInsecure();
            } else {
                http.requiresChannel().anyRequest().requiresSecure();
            }
        }
    }

I added a viewController and removed it from GetMapping in the controller. It was working fine, but I need to add a model map before loading the login page:

    @Component
    public class WebConfig implements WebMvcConfigurer {

        private static final String[] CLASSPATH_RESOURCE_LOCATIONS = { "classpath:/META-INF/resources/",
                "classpath:/resources/", "classpath:/static/", "classpath:/public/" };

        @Override
        public void addResourceHandlers(ResourceHandlerRegistry registry) {
            registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
            registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
            registry.addResourceHandler("/script-api/**").addResourceLocations("classpath:/static/script-api/");
            registry.addResourceHandler("/theme/**").addResourceLocations("classpath:/static/theme/");

            if (!registry.hasMappingForPattern("/webjars/**")) {
                registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
            }
            if (!registry.hasMappingForPattern("/**")) {
                registry.addResourceHandler("/**").addResourceLocations(CLASSPATH_RESOURCE_LOCATIONS);
            }
        }

        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/login").setViewName("home");
        }
    }


This is my view page, home.html:

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
    xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity5">

<head>
<title>EZENGAGE</title>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport"
    content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" />
<!-- VENDOR CSS -->
<link rel="stylesheet" type="text/css"
    th:href="@{/theme/assets/vendor/bootstrap/css/bootstrap.min.css}" />
<link rel="stylesheet" type="text/css"
    th:href="@{/theme/assets/vendor/daterangepicker/daterangepicker.css}" />
<link rel="stylesheet" type="text/css"
    th:href="@{/theme/assets/vendor/font-awesome/css/font-awesome.min.css}" />
<link rel="stylesheet" type="text/css"
    th:href="@{/theme/assets/vendor/animate-css/vivify.min.css}" />
<link rel="stylesheet" type="text/css"
    th:href="@{/theme/assets/vendor/c3/c3.min.css}" />
<link rel="stylesheet" type="text/css"
    th:href="@{/theme/assets/vendor/chartist/css/chartist.css}" />
<link rel="stylesheet" type="text/css"
    th:href="@{/theme/assets/vendor/chartist-plugin-tooltip/chartist-plugin-tooltip.css}" />
<link rel="stylesheet" type="text/css"
    th:href="@{/theme/assets/vendor/toastr/toastr.min.css}" />
<!-- MAIN CSS -->
<link rel="stylesheet" type="text/css"
    th:href="@{/theme/dark/assets/css/site.min.css}" />
</head>

<body class="theme-cyan">
<div class="pattern">
        <span class="red"></span> <span class="indigo"></span> <span
            class="blue"></span> <span class="green"></span> <span class="orange"></span>
    </div>
    <div class="auth-main particles_js">
        <div class="auth_div vivify popIn">
            <div class="card text-white text-center  mx-auto"
                style="width: 350px; background: #343840; box-shadow: 5px 5px 10px black;">
                <div class="card-header">
                    <img class=" card-title img-fluid logo"
                        th:src="@{/theme/assets/images/ezelink-white-logo.png}"
                        alt="EZELink Logo" style="width: 150px;" />
                </div>
                <form class="form-auth-small m-t-20" th:action="@{/login}" method="post"
                    name="login-form" th:autocomplete="off">
                    <div th:if="${param.error}">
                        <div class="alert alert-danger">Username or password is
                            invalid, please try again.</div>
                    </div>
                    <div th:if="${param.logout}">
                        <div class="alert alert-danger">You have been logged out.</div>
                    </div>
                    <div class="card-body form-group">
                        <div class="mb-3">
                            <label for="login-username" class="form-label"></label> <input
                                type="text" name="username" id="login-username"
                                class="form-control" placeholder="Username"
                                aria-describedby="helpId">
                        </div>
                        <div class="mb-3 form-group">
                            <label for="login-password" class="form-label"></label> <input
                                type="password" class="form-control" name="password"
                                id="login-password" placeholder="Password">
                        </div>
                        <div class="mb-3 form-group">
                            <th:block th:if="${#lists.size(authList) > 0}">
                                <select class="form-control" th:required="required"
                                    id="authType" name="authType" th:size="1">
                                    <option th:each="list : ${authList}" th:value="${list}"
                                        th:text="${list}" th:checked="${list}"></option>
                                </select>
                            </th:block>
                        </div>
                    </div>
                    <div class="card-footer text-muted" style="background: #343840">
                        <button type="submit" class="btn btn-primary btn-block form-group"
                            style="width: 300px; right: 20px;">Login</button>
                    </div>
                </form>
            </div>
        </div>
        <div id="particles-js"></div>

    <script th:src="@{/theme/dark/assets/bundles/libscripts.bundle.js}"></script>
    <script
        th:src="@{/theme/dark/assets/bundles/vendorscripts.bundle.js}"></script>
    <script
        th:src="@{/theme/dark/assets/bundles/mainscripts.bundle.js}"></script>
        </div>
</body>
</html>




Solution 1:[1]

I was able to reproduce this issue. With a login page defined as

    .loginPage("/login")

and with the original controller

    @GetMapping("login")
    public String login() {
        return "home";
    }

I get

    http: error: Too many redirects (--max-redirects=30).

With the following config

    http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/login").permitAll()
            .antMatchers("/**").authenticated()
            .and().formLogin()
            .loginPage("/login")

I get an expected response

    home

The issue may also be solved with this config:

    http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/**").authenticated()
            .and().formLogin()
            .loginPage("/login").permitAll()
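
A regression test for the behaviour discussed in the answer above, as an added example that is not part of the original post: it asserts that an anonymous GET /login renders the login view instead of redirecting, and that a protected URL still redirects to /login. It assumes a Spring Boot application using the question's `@GetMapping("/login")` controller, with spring-security-test and JUnit 5 on the test classpath; the class name `LoginPageAccessTest` is hypothetical, and requests are marked secure because the question's configuration calls `requiresSecure()` unless `protocol` is "http".

```java
// Added example, not code from the original post.
// Assumes Spring Boot with spring-security-test and JUnit 5; the class name is hypothetical.
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.view;

@SpringBootTest
@AutoConfigureMockMvc
class LoginPageAccessTest {

    @Autowired
    private MockMvc mockMvc;

    // The login page must be reachable without authentication. A 3xx status here
    // means /login is itself protected: the entry point redirects to /login, that
    // request is redirected again, and the browser reports ERR_TOO_MANY_REDIRECTS.
    @Test
    void anonymousUserGetsLoginPageWithoutRedirect() throws Exception {
        mockMvc.perform(get("/login").secure(true)) // secure: passes requiresSecure()
                .andExpect(status().isOk())
                .andExpect(view().name("home"))
                .andExpect(model().attributeExists("authList"));
    }

    // Every other URL stays protected: an anonymous request is answered with a
    // redirect to the login page, not with content.
    @Test
    void anonymousUserIsRedirectedFromProtectedPage() throws Exception {
        mockMvc.perform(get("/layout").secure(true))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrlPattern("**/login"));
    }

    // The logout landing URL (/login?logout) must be reachable anonymously as well.
    @Test
    void logoutLandingPageIsReachableAnonymously() throws Exception {
        mockMvc.perform(get("/login").param("logout", "").secure(true))
                .andExpect(status().isOk());
    }
}
```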

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1