当我在 tomcat 上运行应用程序时,页面返回此错误:本地主机重定向了您太多次
登录页面必须是自定义的。
这是我的控制器类和方法:
@RestController
@RequestMapping("/login.htm")
public class LoginFormController {
protected final Log logger = LogFactory.getLog(getClass());
@GetMapping
public ModelAndView handleRequest(HttpServletRequest req,
HttpServletResponse res) throws Exception {
logger.info("Returning login view");
Map<String, Object> myModel = new HashMap<String, Object>();
return new ModelAndView("login", "model", myModel);
}
}
这是我的 securityFilterChain 方法
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/login").permitAll()
.anyRequest().authenticated())
.formLogin((formLogin) -> formLogin
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/home", true).permitAll());
return http.build();
}
在控制台中我有此跟踪和调试信息:
2024-03-11T13:19:57.812+01:00 DEBUG 11604 --- [nio-8080-exec-8] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/demo/error?continue to session
2024-03-11T13:19:57.812+01:00 DEBUG 11604 --- [nio-8080-exec-8] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/demo/login
2024-03-11T13:19:57.817+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2024-03-11T13:19:57.817+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@7ff90f3e, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@73a93162, org.springframework.security.web.context.SecurityContextHolderFilter@ec11749, org.springframework.security.web.header.HeaderWriterFilter@ad824f9, org.springframework.security.web.csrf.CsrfFilter@42d7ffe5, org.springframework.security.web.authentication.logout.LogoutFilter@70fba437, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5ca6435b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@10be5d15, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2273e500, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@106eac2a, org.springframework.security.web.access.ExceptionTranslationFilter@5353b529, org.springframework.security.web.access.intercept.AuthorizationFilter@6cbfa329]] (1/1)
2024-03-11T13:19:57.817+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /login
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.csrf.CsrfFilter : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST]
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (7/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (11/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (12/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@6768e172]
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@6768e172] using org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda$540/0x000000080053a860@5d9c15c9
2024-03-11T13:19:57.818+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Secured GET /login
2024-03-11T13:19:57.818+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : GET "/demo/login", parameters={}
2024-03-11T13:19:57.819+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2024-03-11T13:19:57.820+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
2024-03-11T13:19:57.820+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 5941141B4FD07EED2E16EF1676DC2D46 using the SPRING_SECURITY_CONTEXT session attribute
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=5941141B4FD07EED2E16EF1676DC2D46], Granted Authorities=[ROLE_ANONYMOUS]]
2024-03-11T13:19:57.821+01:00 DEBUG 11604 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@7ff90f3e, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@73a93162, org.springframework.security.web.context.SecurityContextHolderFilter@ec11749, org.springframework.security.web.header.HeaderWriterFilter@ad824f9, org.springframework.security.web.csrf.CsrfFilter@42d7ffe5, org.springframework.security.web.authentication.logout.LogoutFilter@70fba437, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5ca6435b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@10be5d15, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2273e500, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@106eac2a, org.springframework.security.web.access.ExceptionTranslationFilter@5353b529, org.springframework.security.web.access.intercept.AuthorizationFilter@6cbfa329]] (1/1)
2024-03-11T13:19:57.821+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /error
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST]
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (7/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (11/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (12/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@51924b66]]
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@51924b66]] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@324e7f3
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 5941141B4FD07EED2E16EF1676DC2D46 using the SPRING_SECURITY_CONTEXT session attribute
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=5941141B4FD07EED2E16EF1676DC2D46], Granted Authorities=[ROLE_ANONYMOUS]]
2024-03-11T13:19:57.823+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=5941141B4FD07EED2E16EF1676DC2D46], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
您的
LoginFormController
有两处问题
@RestController
而不是 @Controller
@RequestMapping
,可以有效地将您的登录页面映射到 /login.htm/login
,因为顶级和方法级别将合并在一起。不要定义控制器,而是执行以下操作。
放弃你的
LoginFormController
并添加以下课程。
@Configuration
public ViewOnlyConfiguration implements WebMvcConfigurer {
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
}
}
这就是您所需要的。这将自动创建一个控制器来呈现正确的页面。无需自己添加控制器。