- DZone
- Coding
- Frameworks
- Spring Boot: Solving OAuth2 ERR_TOO_MANY_REDIRECTS [Snippet]
Spring Boot: Solving OAuth2 ERR_TOO_MANY_REDIRECTS [Snippet]
We take a look at how to solve an issue you may come up against when integrating OAuth 2 with your Spring Boot project.
Join the DZone community and get the full member experience.
Join For FreeProblem: When redirecting back to your application after a successful OAuth2 authentication, the following error occurs:
Solution: This error occurs when the redirect URL set under the authorization service (Google, Facebook, etc) is not defined as a permitted URL inside your application.
The permitted URL is the one that can be accessed without authentication.
When the authorization service redirects to a non-permitted URL, the application will redirect back to the authorization service for further authentication. The process enters a loop that doesn't end, causing ERR_TOO_MANY_REDIRECTS to occur.
In order to permit the access to the callback URL with Spring Boot, you need to extend WebSecurityConfigurerAdapter and override the security configuration as follows:
@Configuration
@EnableOAuth2Sso
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**","/callback/", "/webjars/**", "/error**")
.permitAll()
.anyRequest()
.authenticated();
}
}In the above block, we consider /callback our redirect URL, so we permit access to it using permitAll() while we still secure the access for other URLs.
Published at DZone with permission of Hussein Terek. See the original article here.
Opinions expressed by DZone contributors are their own.
Related
-
Spring OAuth Server: Token Claim Customization
-
How to Implement Two-Factor Authentication in a Spring Boot OAuth Server? Part 1: Configuration
-
Microservices With JHipster
-
Your API Authentication Isn’t Broken; It’s Quietly Failing in These 6 Ways