web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml
/WEB-INF/spring/security-context.xml
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- security config -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
security-context.xml
-
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"><security:http auto-config="true" use-expressions="false"> <security:form-login login-page="/login" login-processing-url="/login" username-parameter="uname" password-parameter="pass" default-target-url="/home"/> <security:intercept-url pattern="/**" access="ROLE_USER"/> </security:http> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="spider" password="peter" authorities="ROLE_USER"/> <security:user name="ironman" password="tony" authorities="ROLE_ADMIN,ROLE_USER"/> <security:user name="thor" password="thor" authorities="ROLE_USER"/> </security:user-service> </security:authentication-provider> </security:authentication-manager> </beans>
login.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>login</title>
</head>
<body>
<form method="POST">
Name:<input type="text" name="uname"><br>
Pass:<input type="password" name="pass"><br>
<sec:csrfInput/>
<input type="submit" value="Login">
</form>
</body>
</html>
HomeController.java
@Controller
public class HomeController {
private static final Logger logger = LoggerFactory.getLogger(HomeController.class);
/**
* Simply selects the home view to render by returning its name.
*/
@RequestMapping(value = "/home", method = RequestMethod.GET)
public String home(Locale locale, Model model) {
logger.info("Welcome home! The client locale is {}.", locale);
Date date = new Date();
DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);
String formattedDate = dateFormat.format(date);
model.addAttribute("serverTime", formattedDate );
return "home";
}
@RequestMapping(value="/login",method=RequestMethod.GET)
public String goLogin(){
return "login";
}
}
**> **url is "localhost:8080/controller/login"****
and I got The localhost page isn’t working
localhost redirected you too many times.
ERR_TOO_MANY_REDIRECTS
Best Answer
ERR_TOO_MANY_REDIRECTS is a sign that you have a redirection loop. In your case, you try to access the login page, but the
<security:intercept-url pattern="/**" access="ROLE_USER"/>
states that you need to be logged as aUSER
for every URL. Spring security then tries to forward to the login URL, which triggers another redirection.To fix your problem, you need to define a security exemption for
/login
URL allowing anonymous users to view the login page.Good luck,
Regards Daniel