Spring-mvc – Spring Security: The localhost page isn’t working

spring-mvc, spring-security

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 2.5 deployment descriptor: one root Spring context, one DispatcherServlet,
     and the Spring Security filter in front of every request. -->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <!-- Files that make up the root Spring context shared by all servlets and filters.
         security-context.xml is listed here, so the security beans are defined in the
         root context and not in the servlet's own context. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/root-context.xml
            /WEB-INF/spring/security-context.xml
        </param-value>
    </context-param>

    <!-- Builds the root Spring context from the contextConfigLocation files above at startup -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Front controller for application requests; it loads its own child context
         from servlet-context.xml -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- "/" makes appServlet the default servlet of the web application -->
    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Spring Security entry point. DelegatingFilterProxy hands each request to the
         Spring bean whose name equals the filter-name, so the name has to stay
         springSecurityFilterChain, the bean the security namespace registers. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Mapped to /* so that no path, /login included, bypasses the security filter chain;
         which paths are open to anonymous users is decided by the intercept-url rules in
         security-context.xml, not here. -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

security-context.xml

  1. http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">

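        <!-- HTTP access rules. use-expressions="false" means the access attributes below
             are plain role / IS_AUTHENTICATED_* names, not SpEL expressions. -->
        <security:http auto-config="true" use-expressions="false">
            <!-- Custom login form: served at /login and submitted to /login, with the
                 credentials read from the uname and pass request parameters. -->
            <security:form-login login-page="/login" login-processing-url="/login" username-parameter="uname"
            password-parameter="pass" default-target-url="/home"/>
            <!-- The login page must be reachable before authentication. Without this rule
                 the /** rule below also protects /login, so the redirect to the login page
                 is itself redirected and the browser reports ERR_TOO_MANY_REDIRECTS.
                 Rules are evaluated in order and the first match wins, so this one has to
                 come first. The request still goes through the filter chain, which keeps
                 the CSRF token available to the form in login.jsp. -->
            <security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <!-- Everything else requires an authenticated user holding ROLE_USER. -->
            <security:intercept-url pattern="/**" access="ROLE_USER"/>
        </security:http>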
    
        <!-- In-memory user store for this sample. The three accounts and their passwords
             are written in clear text in this file and no password-encoder is declared,
             so anyone who can read the configuration or the repository can read the
             credentials; one account also uses its user name as its password.
             NOTE(review): acceptable only for a local demo. For anything shared or
             deployed, keep credentials out of the XML and store hashes only, e.g. by
             declaring a bcrypt password-encoder on the authentication-provider. -->
        <security:authentication-manager>
            <security:authentication-provider>
                <security:user-service>
                    <security:user name="spider" password="peter" authorities="ROLE_USER"/>
                    <security:user name="ironman" password="tony" authorities="ROLE_ADMIN,ROLE_USER"/>
                    <security:user name="thor" password="thor" authorities="ROLE_USER"/>
                </security:user-service>
            </security:authentication-provider>
        </security:authentication-manager>
    </beans>
    

login.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>login</title>
</head>
<body>
    <%-- Login form. It has no action attribute, so it posts back to the URL that served
         it (/login), which is the login-processing-url in security-context.xml. The field
         names uname and pass match username-parameter and password-parameter there.
         The sec:csrfInput tag writes the hidden CSRF token field; it must stay inside the
         form, otherwise the POST is rejected while CSRF protection is enabled. --%>
    <form method="POST">
        Name:<input type="text" name="uname"><br>
        Pass:<input type="password" name="pass"><br>
        <sec:csrfInput/>
        <input type="submit" value="Login">
    </form>
</body>
</html>

HomeController.java

/**
 * MVC controller that resolves the two views used by this sample: the home page
 * and the login form.
 */
@Controller
public class HomeController {

    private static final Logger logger = LoggerFactory.getLogger(HomeController.class);

    /**
     * Handles GET /home: logs the client locale, stores the current server time
     * (formatted for that locale) in the model under "serverTime", and selects
     * the "home" view.
     *
     * @param locale locale resolved for the current request
     * @param model  model handed to the view
     * @return the logical view name "home"
     */
    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public String home(Locale locale, Model model) {
        logger.info("Welcome home! The client locale is {}.", locale);

        final Date now = new Date();
        final String serverTime = DateFormat
                .getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale)
                .format(now);
        model.addAttribute("serverTime", serverTime);

        return "home";
    }

    /**
     * Handles GET /login by selecting the "login" view. Only GET is mapped here;
     * this controller has no handler for the form's POST.
     *
     * @return the logical view name "login"
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String goLogin() {
        return "login";
    }

}

The URL I request is "localhost:8080/controller/login"

and the browser shows: The localhost page isn’t working
localhost redirected you too many times.
ERR_TOO_MANY_REDIRECTS

Best Answer

ERR_TOO_MANY_REDIRECTS is a sign that you have a redirection loop. In your case, you try to access the login page, but <security:intercept-url pattern="/**" access="ROLE_USER"/> states that you need to be logged in with ROLE_USER for every URL, and /login is one of those URLs. Spring Security therefore redirects the unauthenticated request to the login URL, which is itself protected and triggers another redirection, and so on.

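To fix your problem, you need to define a security exemption for the /login URL that allows anonymous users to view the login page. Since use-expressions is "false" in your configuration, this can be an extra rule such as <security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>, placed before the /** rule because the first matching pattern is the one that applies.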

Good luck,

Regards Daniel