Jwt Auth Issue

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Autowired
    private JwtFilter jwtFilter;

    @Autowired
    private CustomAuthenticationFailureHandler customFailureHandler;

    @Bean
    SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf(csrf -> csrf.disable())
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // Stateless session
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/**").permitAll()
                .anyRequest().authenticated())
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
            .formLogin(formLogin -> formLogin
                .loginPage("/login") // Custom login page
                .defaultSuccessUrl("/hi", true) // Redirect after successful login
                .failureHandler(customFailureHandler) // Set custom failure handler
                // .failureUrl("/login?error=true") // Redirect after failed login
                .permitAll()) // Allow all to access login endpoints
            .logout(logout -> logout
                .logoutUrl("/logout") // Process logout requests
                .logoutSuccessUrl("/login?logout=true") // Redirect after logout
                .invalidateHttpSession(true) // Invalidate session on logout
                .clearAuthentication(true)
                .permitAll());
        return httpSecurity.build();
    }
}
This is the exception I am getting in Postman:
Error: Exceeded maxRedirects. Probably stuck in a redirect loop http://localhost:8080/login
12 Replies
JavaBot (5d ago)
This post has been reserved for your question.
Hey @Danix! Please use /close or the Close Post button above when your problem is solved. Please remember to follow the help guidelines. This post will be automatically marked as dormant after 300 minutes of inactivity.
TIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here.
Danix (OP, 5d ago)
What am I not adding to it, so that I am getting this error?
red (4d ago)
The problem is that you are using formLogin but your session strategy is stateless, and the use of formLogin depends on enabling sessions. Try to use "if required" instead of stateless, or remove formLogin if you want to use JWT authentication.
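To show the second option from the answer above in working form, here is a JWT-only filter chain. This is an added example, not code from the thread; it assumes the poster's JwtFilter bean exists, Spring Security 6.x, and a token-issuing endpoint at the assumed path /api/auth/login.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Added example (not the poster's code): JWT-only chain; JwtFilter is assumed to exist as in the post.
@Configuration
@EnableWebSecurity
public class JwtSecurityConfiguration {

    private final JwtFilter jwtFilter;

    public JwtSecurityConfiguration(JwtFilter jwtFilter) {
        this.jwtFilter = jwtFilter;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Acceptable only because no session cookie carries authentication;
            // re-enable CSRF if the token is later moved into a cookie.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // No formLogin(): it redirects unauthenticated requests to /login, which is
            // what produced the redirect loop in Postman. Answer 401 instead.
            .exceptionHandling(ex -> ex
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
            .authorizeHttpRequests(auth -> auth
                // Only the token-issuing endpoint (assumed path) is public; the post's
                // "/api/**".permitAll() would let every API route skip the JWT check.
                .requestMatchers(HttpMethod.POST, "/api/auth/login").permitAll()
                .anyRequest().authenticated())
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

With this chain an unauthenticated Postman call gets a plain 401 instead of a redirect, and a bad or missing token is visible in the response status rather than hidden behind the login page.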
Danix (OP, 4d ago)
Do you have any docs for it?
red (4d ago)
About session control and management with Spring Security, just an article by Baeldung: https://www.baeldung.com/spring-security-session
Danix (OP, 4d ago)
Now I did something like this, but it is still not generating the token, and I am not even getting it in the header! Now I am able to log in, but without a JWT token!
Danix (OP, 4d ago)
I want to create a frontend for the form and generate a JWT token when the user's credentials are correct.
red (4d ago)
Where are you storing the token? If you just store the token in the header and send it to the client, it will only be valid for a single request. Consider storing it in a cookie or sessionStorage. I recommend using a cookie if the token is not needed on the client side.
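To make the cookie option above concrete, here is a login endpoint that authenticates the submitted credentials and returns the JWT in an HttpOnly cookie instead of a response header. This is an added example, not code from the thread; it assumes spring-security-oauth2-jose on the classpath, a configured JwtEncoder bean, an exposed AuthenticationManager bean, and the assumed path /api/auth/login.

```java
import java.time.Duration;
import java.time.Instant;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.JwtEncoderParameters;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example, not code from the thread; class, record and cookie names are assumptions.
@RestController
@RequestMapping("/api/auth")
public class LoginController {

    private static final Duration TOKEN_TTL = Duration.ofMinutes(30);
    private final AuthenticationManager authenticationManager;
    private final JwtEncoder jwtEncoder;

    public LoginController(AuthenticationManager authenticationManager, JwtEncoder jwtEncoder) {
        this.authenticationManager = authenticationManager;
        this.jwtEncoder = jwtEncoder;
    }

    // Constructed request body for this example.
    public record LoginRequest(String username, String password) {}

    @PostMapping("/login")
    public ResponseEntity<Void> login(@RequestBody LoginRequest req) {
        // Bad credentials throw AuthenticationException, which ExceptionTranslationFilter turns into 401.
        Authentication auth = authenticationManager.authenticate(
                UsernamePasswordAuthenticationToken.unauthenticated(req.username(), req.password()));
        Instant now = Instant.now();
        JwtClaimsSet claims = JwtClaimsSet.builder()
                .subject(auth.getName()).issuedAt(now).expiresAt(now.plus(TOKEN_TTL)).build();
        String token = jwtEncoder.encode(JwtEncoderParameters.from(claims)).getTokenValue();
        // HttpOnly keeps the token out of reach of page scripts; Secure + SameSite limit replay.
        // Once the token rides in a cookie, CSRF protection matters again on state-changing endpoints.
        ResponseCookie cookie = ResponseCookie.from("access_token", token)
                .httpOnly(true).secure(true).sameSite("Strict").path("/").maxAge(TOKEN_TTL).build();
        return ResponseEntity.noContent().header(HttpHeaders.SET_COOKIE, cookie.toString()).build();
    }
}
```

The poster's JwtFilter would then read the token from the access_token cookie (or an Authorization header) on each request; the browser sends the cookie automatically, which is why the example marks it HttpOnly and SameSite.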
JavaBot (4d ago)
💤 Post marked as dormant
This post has been inactive for over 300 minutes, thus, it has been archived. If your question was not answered yet, feel free to re-open this post or create a new one. In case your post is not getting any attention, you can try to use /help ping. Warning: abusing this will result in moderative actions taken against you.
Danix (OP, 3d ago)
I want to make the JWT for the backend and a form for the frontend with React; which approach should I follow then?
JavaBot (3d ago)
💤 Post marked as dormant
This post has been inactive for over 300 minutes, thus, it has been archived. If your question was not answered yet, feel free to re-open this post or create a new one. In case your post is not getting any attention, you can try to use /help ping. Warning: abusing this will result in moderative actions taken against you.
Maxxx005 (10h ago)
Try storing in local storage or cookie/session.