Announcement Announcement Module
No announcement yet.
Redirect Loop when accessing login page (Spring Security 3.1.3) Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Redirect Loop when accessing login page (Spring Security 3.1.3)

    I can't seem to get my Spring Security configuration working. I have something like this in my security.xml:

        <!--<http pattern="/login.htm" security="none"/>-->
        <http pattern="/css/**" security="none"/>
        <http pattern="/js/**" security="none"/>
        <http use-expressions="true" auto-config="true">
            <anonymous enabled="true"/>
            <form-login login-page="/login.htm"
            <intercept-url pattern="/login**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <intercept-url pattern="/logout**" access="permitAll"/>
            <intercept-url pattern="/**" access="hasRole('ROLE_VENDOR')" />
            <logout logout-url="/login.htm" invalidate-session="true"/>
    When I go the root of the application, Spring Security forwards to the /login.htm URL, but it winds up going into a redirect (infinite) loop. Note: /login.htm is not an actual file, but a @RequestMapping path on the LoginController that simply resolves to the login.jsp view under WEB-INF. I've tried multiple variations (access="permitAll"), but nothing seems to work--it always goes into this loop. The only thing that does work is uncommenting the http tag with the attribute security="none".

    I finally resolved the issue by moving login.jsp out of WEB-INF, and referencing that directly from the security config XML, but I'm curious why it appears that defining an intercept URL on a Spring MVC request mapping doesn't seem to work. Known issue? Bug?
    Last edited by bspies; May 9th, 2013, 06:03 PM.