Spring Security "requiresSecure()" results in ERR_TOO_MANY_REDIRECTS

Time: 2018-11-14 14:37:27

Tags: java spring spring-security

I have the following http security configuration:

http
    .authorizeRequests()
        .antMatchers("/login").permitAll()
        .and()
    .authorizeRequests()
        .antMatchers("/logout").permitAll()
        .and()
    .authorizeRequests()
        .anyRequest().hasRole("USER")
        .and()
    .exceptionHandling()
        .accessDeniedPage("/login?authorization_error=true")
        .and()
    .csrf()
        .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable()
    .logout()
        .logoutSuccessUrl("/")
        .logoutUrl("/logout.do")
        .and()
    .formLogin()
        .usernameParameter("j_username")
        .passwordParameter("j_password")
        .failureUrl("/login?authentication_error=true")
        .loginPage("/login")
        .loginProcessingUrl("/login.do")
        .and()
    .requiresChannel()
         .anyRequest().requiresSecure();

When I try to access https://{url}/login, this results in ERR_TOO_MANY_REDIRECTS. However, when I remove requiresSecure() as follows, https://{url}/login is accessible:

http
    .authorizeRequests()
        .antMatchers("/login").permitAll()
        .and()
    .authorizeRequests()
        .antMatchers("/logout").permitAll()
        .and()
    .authorizeRequests()
        .anyRequest().hasRole("USER")
        .and()
    .exceptionHandling()
        .accessDeniedPage("/login?authorization_error=true")
        .and()
    .csrf()
        .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable()
    .logout()
        .logoutSuccessUrl("/")
        .logoutUrl("/logout.do")
        .and()
    .formLogin()
        .usernameParameter("j_username")
        .passwordParameter("j_password")
        .failureUrl("/login?authentication_error=true")
        .loginPage("/login")
        .loginProcessingUrl("/login.do")
        .and()
    .requiresChannel().anyRequest();

Does anyone have any idea?

1 answer:

Answer 0 (score: 0)

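This seems to be caused by the order of your code blocks. Try the following code and see if it works. It might be easier to add all the antMatchers in the same block.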

http
            .authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/logout").permitAll()
                .anyRequest().hasRole("USER")
                .and()
            .exceptionHandling()
                .accessDeniedPage("/login?authorization_error=true")
                .and()
            .logout()
                .logoutSuccessUrl("/")
                .logoutUrl("/logout.do")
                .and()
            .formLogin()
                .usernameParameter("j_username")
                .passwordParameter("j_password")
                .failureUrl("/login?authentication_error=true")
                .loginPage("/login")
                .loginProcessingUrl("/login.do")
                .and()
            .requiresChannel()
                .anyRequest().requiresSecure()
                .and()                
            .csrf()
                .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable();