spring启动错误：超出maxRedirects。可能陷入了重定向循环_Spring_Spring Boot_Spring Security_Jwt Auth

spring启动错误：超出maxRedirects。可能陷入了重定向循环

spring spring-boot spring-security

spring启动错误：超出maxRedirects。可能陷入了重定向循环,spring,spring-boot,spring-security,jwt-auth,Spring,Spring Boot,Spring Security,Jwt Auth,我试图在spring boot中执行JWT auth，请求被困在重定向循环中 JWTAuthenticationProvider 证券配置主控制器当我使用有效的JWT令牌访问端点时，代码在从筛选器到提供程序类的循环中运行，并以错误结束： Exceeded maxRedirects. Probably stuck in a redirect loop http://localhost:8000/ error. 调试日志显示以下错误： Servlet.service() for servle

我试图在spring boot中执行JWT auth，请求被困在重定向循环中

JWTAuthenticationProvider

证券配置

主控制器

当我使用有效的JWT令牌访问端点时，代码在从筛选器到提供程序类的循环中运行，并以错误结束：

Exceeded maxRedirects. Probably stuck in a redirect loop http://localhost:8000/ error.

调试日志显示以下错误：

Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot call sendError() after the response has been committed] with root cause

java.lang.IllegalStateException: Cannot call sendError() after the response has been committed

有什么建议我在这里遗漏了什么。

提前感谢。

我认为这是因为您没有为bean JwtAuthenticationFilter设置AuthenticationSuccessHandler，由于未实际设置，它将继续围绕super和chain循环，稍后需要发送错误时，因为响应已写入super chain中。doFilter将失败，因为一旦写入响应，就无法再次写入，因此在提交响应后会调用错误sendError

在设置此项之前，请在SecurityConfiguration中更正此项

.addFilterBefore(new JwtAuthenticationFilter(authenticationManager()),
                        FilterSecurityInterceptor.class)

实例化过滤器并将其设置为success manager，如下所示

JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager()),FilterSecurityInterceptor.class);

jwtAuthenticationFilter.setAuthenticationSuccessHandler(new CustomAuthenticationSuccessHandler());

现在使用上述变量设置过滤器。

这是一个很好的参考项目：。

我用另一种方法解决了这个问题。在JwtAuthenticationFilter类中，我们需要在上下文中设置身份验证对象并调用chain.doFilter。调用super.successfulAuthentication可以跳过，因为我们已经覆盖了实现

 @Override
   protected void successfulAuthentication(HttpServletRequest request,

   HttpServletResponse response, FilterChain chain, Authentication authResult)
                throws IOException, ServletException {
            //super.successfulAuthentication(request, response, chain, authResult);
            SecurityContextHolder.getContext().setAuthentication(authResult);
            chain.doFilter(request, response);
        }

    public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
        super("/**");
        this.setAuthenticationManager(authenticationManager);
        //this.setAuthenticationSuccessHandler(new JwtAuthenticationSuccessHandler());
    }

谢谢斯里尼瓦斯。你解释得很好。这就解决了问题。也谢谢你的参考项目。

Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot call sendError() after the response has been committed] with root cause

java.lang.IllegalStateException: Cannot call sendError() after the response has been committed

.addFilterBefore(new JwtAuthenticationFilter(authenticationManager()),
                        FilterSecurityInterceptor.class)

JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager()),FilterSecurityInterceptor.class);

jwtAuthenticationFilter.setAuthenticationSuccessHandler(new CustomAuthenticationSuccessHandler());

 @Override
   protected void successfulAuthentication(HttpServletRequest request,

   HttpServletResponse response, FilterChain chain, Authentication authResult)
                throws IOException, ServletException {
            //super.successfulAuthentication(request, response, chain, authResult);
            SecurityContextHolder.getContext().setAuthentication(authResult);
            chain.doFilter(request, response);
        }

    public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
        super("/**");
        this.setAuthenticationManager(authenticationManager);
        //this.setAuthenticationSuccessHandler(new JwtAuthenticationSuccessHandler());
    }