I am applying spring boot security. When I open the browser in the current code, it redirects infinitely to “http://localhost:8080/login” and shows the error “localhost redirected you too many times.”.
Since formLogin() is deprecated, I used lambda expression.
This is the CustomSecurityConfig code:
package edu.library.libraryspringboot.config;
import lombok.RequiredArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Log4j2
@Configuration
@RequiredArgsConstructor
public class CustomSecurityConfig {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
log.info("-----------------configuration---------------------");
//http.formLogin();
http
.authorizeHttpRequests(authorize -> {
authorize
.anyRequest().authenticated();
})
.formLogin(formLogin -> {
formLogin
.loginPage("/login")
.permitAll();
});
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
log.info("---------------web configuration---------------------");
return (web) -> web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations());
}
}
And this is the CustomUserDetailsService code.
package edu.library.libraryspringboot.security;
import org.springframework.security.core.userdetails.User;
import lombok.RequiredArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
@Log4j2
@Service
public class CustomUserDetailsService implements UserDetailsService {
private PasswordEncoder passwordEncoder;
public CustomUserDetailsService() {
this.passwordEncoder = new BCryptPasswordEncoder();
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
log.info("loadUserByUsername: " + username);
UserDetails userDetails = User.builder()
.username("user1")
//.password("1111")
.password(passwordEncoder.encode("1111")) //Needs password encoding
.authorities("ROLE_USER")
.build();
return userDetails;
}
}
I want to avoid the code from being infinitely redirected. How should I modify the code to see the login page?
Thank you in advance.
New contributor
Haebin Noh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.