Spring Security + GWT-重定向过多

Question

我正在使用Spring Security为简单的GWT应用设置登录页面。我正在尝试将登录名与GWT应用程序分开。我是Spring Security的新手，并且遇到一些配置问题。我在login.jsp上看到太多重定向错误

spring-security.xml

<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

   <!-- <http auto-config="true">
        <intercept-url pattern="/**" />
    </http>-->

    <http auto-config="false" use-expressions="true">
        <intercept-url pattern="/login" access="permitAll" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/foo.html"/>
        <logout logout-url="/logout" />
        <session-management
                session-authentication-error-url="/login"
                session-fixation-protection="newSession">
            <concurrency-control max-sessions="1"
                                 error-if-maximum-exceeded="true" />
        </session-management>
    </http>

    <b:bean id="customAuthenticationProvider" class="com.lilly.server.security.CustomAuthentcationProvider" />

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="customAuthenticationProvider" />
    </authentication-manager>
</b:beans>

login.jsp

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %>

<html>
<body>
<h1 id="banner">Login to GRAPL Automation</h1>
<form name="f" action="<c:url value='/j_spring_security_check'/>" method="POST">
    <table>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='j_username' /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='j_password'></td>
        </tr>
        <tr>
            <td colspan="2">&nbsp;</td>
        </tr>
        <tr>
            <td colspan='2'><input name="submit" type="submit">&nbsp;<input name="reset" type="reset"></td>
        </tr>
    </table>
</form>
</body>
</html>

SecurityConfig.java

@Configuration
@EnableWebSecurity
@ComponentScan("com.lilly.server")
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private CustomAuthentcationProvider ldapAuthentication;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{

        auth.authenticationProvider(ldapAuthentication);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests()
                .antMatchers("*/**").access("isAuthenticated()")
                .anyRequest().authenticated()
                .and().formLogin().loginPage("login.jsp").defaultSuccessUrl("/foo.html")
                .and()
                .logout().logoutUrl("/logout").logoutSuccessUrl("/login")
                .and().csrf().disable();
    }
}

我不确定spring-security.xml中的配置是否与SecurityConfig.java冲突。我一直在浏览各种示例，但我缺少一些东西。

谢谢您的帮助，