spring启动错误:超出maxRedirects。可能陷入了重定向循环
我试图在spring boot中执行JWT auth,请求被困在重定向循环中 JWTAuthenticationProvider 证券配置 主控制器 当我使用有效的JWT令牌访问端点时,代码在从筛选器到提供程序类的循环中运行,并以错误结束:spring启动错误:超出maxRedirects。可能陷入了重定向循环,spring,spring-boot,spring-security,jwt-auth,Spring,Spring Boot,Spring Security,Jwt Auth,我试图在spring boot中执行JWT auth,请求被困在重定向循环中 JWTAuthenticationProvider 证券配置 主控制器 当我使用有效的JWT令牌访问端点时,代码在从筛选器到提供程序类的循环中运行,并以错误结束: Exceeded maxRedirects. Probably stuck in a redirect loop http://localhost:8000/ error. 调试日志显示以下错误: Servlet.service() for servle
Exceeded maxRedirects. Probably stuck in a redirect loop http://localhost:8000/ error.
调试日志显示以下错误:
Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot call sendError() after the response has been committed] with root cause
java.lang.IllegalStateException: Cannot call sendError() after the response has been committed
有什么建议我在这里遗漏了什么。
提前感谢。我认为这是因为您没有为bean JwtAuthenticationFilter设置AuthenticationSuccessHandler,由于未实际设置,它将继续围绕super和chain循环,稍后需要发送错误时,因为响应已写入super chain中。doFilter将失败,因为一旦写入响应,就无法再次写入,因此在提交响应后会调用错误sendError 在设置此项之前,请在SecurityConfiguration中更正此项
.addFilterBefore(new JwtAuthenticationFilter(authenticationManager()),
FilterSecurityInterceptor.class)
实例化过滤器并将其设置为success manager,如下所示
JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager()),FilterSecurityInterceptor.class);
jwtAuthenticationFilter.setAuthenticationSuccessHandler(new CustomAuthenticationSuccessHandler());
现在使用上述变量设置过滤器。
这是一个很好的参考项目:。我用另一种方法解决了这个问题。 在JwtAuthenticationFilter类中,我们需要在上下文中设置身份验证对象并调用chain.doFilter。调用super.successfulAuthentication可以跳过,因为我们已经覆盖了实现
@Override
protected void successfulAuthentication(HttpServletRequest request,
HttpServletResponse response, FilterChain chain, Authentication authResult)
throws IOException, ServletException {
//super.successfulAuthentication(request, response, chain, authResult);
SecurityContextHolder.getContext().setAuthentication(authResult);
chain.doFilter(request, response);
}
public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
super("/**");
this.setAuthenticationManager(authenticationManager);
//this.setAuthenticationSuccessHandler(new JwtAuthenticationSuccessHandler());
}
谢谢斯里尼瓦斯。你解释得很好。这就解决了问题。也谢谢你的参考项目。
Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot call sendError() after the response has been committed] with root cause
java.lang.IllegalStateException: Cannot call sendError() after the response has been committed
.addFilterBefore(new JwtAuthenticationFilter(authenticationManager()),
FilterSecurityInterceptor.class)
JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager()),FilterSecurityInterceptor.class);
jwtAuthenticationFilter.setAuthenticationSuccessHandler(new CustomAuthenticationSuccessHandler());
@Override
protected void successfulAuthentication(HttpServletRequest request,
HttpServletResponse response, FilterChain chain, Authentication authResult)
throws IOException, ServletException {
//super.successfulAuthentication(request, response, chain, authResult);
SecurityContextHolder.getContext().setAuthentication(authResult);
chain.doFilter(request, response);
}
public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
super("/**");
this.setAuthenticationManager(authenticationManager);
//this.setAuthenticationSuccessHandler(new JwtAuthenticationSuccessHandler());
}