Over a million developers have joined DZone.

Spring Boot: Solving OAuth2 ERR_TOO_MANY_REDIRECTS [Snippet]

DZone's Guide to

Spring Boot: Solving OAuth2 ERR_TOO_MANY_REDIRECTS [Snippet]

We take a look at how to solve an issue you may come up against when integrating OAuth 2 with your Spring Boot project.

· Java Zone ·
Free Resource

Verify, standardize, and correct the Big 4 + more– name, email, phone and global addresses – try our Data Quality APIs now at Melissa Developer Portal!

Problem: When redirecting back to your application after a successful OAuth2 authentication, the following error occurs:

Solution: This error occurs when the redirect URL set under the authorization service (Google, Facebook, etc) is not defined as a permitted URL inside your application.

The permitted URL is the one that can be accessed without authentication.

When the authorization service redirects to a non-permitted URL, the application will redirect back to the authorization service for further authentication. The process enters a loop that doesn't end, causing ERR_TOO_MANY_REDIRECTS to occur.

In order to permit the access to the callback URL with Spring Boot, you need to extend WebSecurityConfigurerAdapter and override the security configuration as follows:

public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {
            .antMatchers("/", "/login**","/callback/", "/webjars/**", "/error**")


In the above block, we consider /callback our redirect URL, so we permit access to it using permitAll() while we still secure the access for other URLs.

Developers! Quickly and easily gain access to the tools and information you need! Explore, test and combine our data quality APIs at Melissa Developer Portal – home to tools that save time and boost revenue. 

java ,sprint boot ,spring security ,oauth 2 ,WebSecurityConfigurerAdapter ,ERR_TOO_MANY_REDIRECTS

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}