Spring Security - 本地主机重定向你太多次

当我在 tomcat 上运行应用程序时，页面返回此错误：本地主机重定向了您太多次

登录页面必须是自定义的。

这是我的控制器类和方法：

@RestController
@RequestMapping("/login.htm")
public class LoginFormController {
    protected final Log logger = LogFactory.getLog(getClass());


    @GetMapping
    public ModelAndView handleRequest(HttpServletRequest req,
            HttpServletResponse res) throws Exception {
        logger.info("Returning login view");

        Map<String, Object> myModel = new HashMap<String, Object>();
        
        return new ModelAndView("login", "model", myModel);
    }
    
}

这是我的 securityFilterChain 方法

    @Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(authorize ->  authorize
            .requestMatchers("/login").permitAll()
            .anyRequest().authenticated())
        .formLogin((formLogin) -> formLogin
                .loginPage("/login")
                .loginProcessingUrl("/login")
                .defaultSuccessUrl("/home", true).permitAll());
    
  return http.build();
}

在控制台中我有此跟踪和调试信息：

2024-03-11T13:19:57.812+01:00 DEBUG 11604 --- [nio-8080-exec-8] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:8080/demo/error?continue to session
2024-03-11T13:19:57.812+01:00 DEBUG 11604 --- [nio-8080-exec-8] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:8080/demo/login
2024-03-11T13:19:57.817+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2024-03-11T13:19:57.817+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@7ff90f3e, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@73a93162, org.springframework.security.web.context.SecurityContextHolderFilter@ec11749, org.springframework.security.web.header.HeaderWriterFilter@ad824f9, org.springframework.security.web.csrf.CsrfFilter@42d7ffe5, org.springframework.security.web.authentication.logout.LogoutFilter@70fba437, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5ca6435b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@10be5d15, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2273e500, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@106eac2a, org.springframework.security.web.access.ExceptionTranslationFilter@5353b529, org.springframework.security.web.access.intercept.AuthorizationFilter@6cbfa329]] (1/1)
2024-03-11T13:19:57.817+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /login
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.csrf.CsrfFilter         : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking UsernamePasswordAuthenticationFilter (7/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (8/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache        : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (9/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (10/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (11/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (12/12)
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@6768e172]
2024-03-11T13:19:57.818+01:00 TRACE 11604 --- [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@6768e172] using org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda$540/0x000000080053a860@5d9c15c9
2024-03-11T13:19:57.818+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Secured GET /login
2024-03-11T13:19:57.818+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : GET "/demo/login", parameters={}
2024-03-11T13:19:57.819+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2024-03-11T13:19:57.820+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.w.s.r.ResourceHttpRequestHandler     : Resource not found
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]
2024-03-11T13:19:57.820+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Completed 404 NOT_FOUND
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 5941141B4FD07EED2E16EF1676DC2D46 using the SPRING_SECURITY_CONTEXT session attribute
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-03-11T13:19:57.820+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=5941141B4FD07EED2E16EF1676DC2D46], Granted Authorities=[ROLE_ANONYMOUS]]
2024-03-11T13:19:57.821+01:00 DEBUG 11604 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@7ff90f3e, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@73a93162, org.springframework.security.web.context.SecurityContextHolderFilter@ec11749, org.springframework.security.web.header.HeaderWriterFilter@ad824f9, org.springframework.security.web.csrf.CsrfFilter@42d7ffe5, org.springframework.security.web.authentication.logout.LogoutFilter@70fba437, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5ca6435b, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@10be5d15, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2273e500, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@106eac2a, org.springframework.security.web.access.ExceptionTranslationFilter@5353b529, org.springframework.security.web.access.intercept.AuthorizationFilter@6cbfa329]] (1/1)
2024-03-11T13:19:57.821+01:00 DEBUG 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /error
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking UsernamePasswordAuthenticationFilter (7/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (8/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache        : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (9/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (10/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (11/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (12/12)
2024-03-11T13:19:57.821+01:00 TRACE 11604 --- [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@51924b66]]
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@51924b66]] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@324e7f3
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 5941141B4FD07EED2E16EF1676DC2D46 using the SPRING_SECURITY_CONTEXT session attribute
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-03-11T13:19:57.822+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=5941141B4FD07EED2E16EF1676DC2D46], Granted Authorities=[ROLE_ANONYMOUS]]
2024-03-11T13:19:57.823+01:00 TRACE 11604 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=5941141B4FD07EED2E16EF1676DC2D46], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied