Announcement Announcement Module
Collapse
No announcement yet.
Not redirecting to login page when using https with a domain name - Error 310 Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Not redirecting to login page when using https with a domain name - Error 310

    Hi:
    I am facing an error when I use requires-channel="https" for login page.
    I am securing my resources using defined roles by using expressions.

    I have configured filter as below in web.xml:
    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
    </filter>

    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    And in the following is my security configuration.

    <?xml version="1.0" encoding="UTF-8"?>

    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">


    <http use-expressions="true">
    <intercept-url pattern="/login.jsp" access="permitAll" />
    <intercept-url pattern="/My_Home.html" access="hasRole('admin')" requires-channel="https" />
    <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" />
    <logout logout-success-url="/login.jsp" />
    <port-mappings>
    <port-mapping http="8080" https="8443"/>
    </port-mappings>
    </http>


    <authentication-manager>
    <authentication-provider>
    <user-service>
    <user name="sree" password="mypass" authorities="admin" />
    </user-service>
    </authentication-provider>
    </authentication-manager>

    </beans:beans>

    I am basically securing a static page (html5 page), which has calls to some third party REST services.

    Application is deployed on WAS CE 3.0.

    It is working fine when I access the resources using localhost on https, if I am not logged in it is re directing to the login page i.e.
    https://localhost:8443/HTML5Web/My_Home.html is taking me to https://localhost:8443/HTML5Web/login.jsp

    And on successful login it is displaying the secured resource.

    But when I access the same secured resource using the domain name on https i.e.

    https://domainname:8443/HTML5Web/My_Home.html, it is giving an error as

    "Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects."

    Please help me in resolving this error, is it a problem with Spring Configuration?

    Regards
    Sreedhar

  • #2
    Try capturing the redirects with a plugin like FireFox tamper data. Ensure that the HTTP session is being submitted in the requests. Also try enabling logging in Spring Security and determining if that helps figure out the issue.

    Comment

    Working...
    X