Announcement Announcement Module
No announcement yet.
Not redirecting to login page when using https with a domain name - Error 310 Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Not redirecting to login page when using https with a domain name - Error 310

    I am facing an error when I use requires-channel="https" for login page.
    I am securing my resources using defined roles by using expressions.

    I have configured filter as below in web.xml:
    <filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>


    And in the following is my security configuration.

    <?xml version="1.0" encoding="UTF-8"?>

    <beans:beans xmlns=""
    xmlns:beans="" xmlns:xsi=""

    <http use-expressions="true">
    <intercept-url pattern="/login.jsp" access="permitAll" />
    <intercept-url pattern="/My_Home.html" access="hasRole('admin')" requires-channel="https" />
    <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" />
    <logout logout-success-url="/login.jsp" />
    <port-mapping http="8080" https="8443"/>

    <user name="sree" password="mypass" authorities="admin" />


    I am basically securing a static page (html5 page), which has calls to some third party REST services.

    Application is deployed on WAS CE 3.0.

    It is working fine when I access the resources using localhost on https, if I am not logged in it is re directing to the login page i.e.
    https://localhost:8443/HTML5Web/My_Home.html is taking me to https://localhost:8443/HTML5Web/login.jsp

    And on successful login it is displaying the secured resource.

    But when I access the same secured resource using the domain name on https i.e.

    https://domainname:8443/HTML5Web/My_Home.html, it is giving an error as

    "Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects."

    Please help me in resolving this error, is it a problem with Spring Configuration?


  • #2
    Try capturing the redirects with a plugin like FireFox tamper data. Ensure that the HTTP session is being submitted in the requests. Also try enabling logging in Spring Security and determining if that helps figure out the issue.