Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Spring Boot: Solving OAuth2 ERR_TOO_MANY_REDIRECTS [Snippet]

DZone's Guide to

Spring Boot: Solving OAuth2 ERR_TOO_MANY_REDIRECTS [Snippet]

We take a look at how to solve an issue you may come up against when integrating OAuth 2 with your Spring Boot project.

· Java Zone ·
Free Resource

Download Microservices for Java Developers: A hands-on introduction to frameworks and containers. Brought to you in partnership with Red Hat.

Problem: When redirecting back to your application after a successful OAuth2 authentication, the following error occurs:

Solution: This error occurs when the redirect URL set under the authorization service (Google, Facebook, etc) is not defined as a permitted URL inside your application.

The permitted URL is the one that can be accessed without authentication.

When the authorization service redirects to a non-permitted URL, the application will redirect back to the authorization service for further authentication. The process enters a loop that doesn't end, causing ERR_TOO_MANY_REDIRECTS to occur.

In order to permit the access to the callback URL with Spring Boot, you need to extend WebSecurityConfigurerAdapter and override the security configuration as follows:

@Configuration
@EnableOAuth2Sso
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .antMatcher("/**")
          .authorizeRequests()
            .antMatchers("/", "/login**","/callback/", "/webjars/**", "/error**")
            .permitAll()
          .anyRequest()
            .authenticated();
    }

}


In the above block, we consider /callback our redirect URL, so we permit access to it using permitAll() while we still secure the access for other URLs.

Download Building Reactive Microservices in Java: Asynchronous and Event-Based Application Design. Brought to you in partnership with Red Hat

Topics:
java ,sprint boot ,spring security ,oauth 2 ,WebSecurityConfigurerAdapter ,ERR_TOO_MANY_REDIRECTS

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}