i have simmilar login loop
get http://localhost:9090/test
then redirection
https://login.microsoftonline.com/125f4e...
. login page login email, password
then redirection to http://localhost:9090/login/oauth2/code/?code=0.A....
then should be http://localhost:9090/test with succesful auth,
but i get new 302 redirection to http://localhost:9090/oauth2/authorization/azure
Spring-boot 3.2.4
spring-cloud-azure-starter-active-directory 5.11.0
redirect-url = http://localhost:9090/login/oauth2/code/
@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.apply(AadWebApplicationHttpSecurityConfigurer.aadWebApplication())
.and()
.authorizeHttpRequests()
.anyRequest().authenticated();
return http.build();
Request received for GET '/login/oauth2/code/?code=0.AV0Adk5fEnkocEiAkK_a_cEekhMjTqkDNOhPn-U8wfHgBXhdAAA.AgABBAIAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P_D79peGnJLfXUI10oRoffIWnMsYJ-f7ceICDbBB2SodFFxM_bRVV5DTQ7D7FfVBUSPnrjUfmrO7JeoxwaDfzLtc4E4NDbeZWsjmWbnSRVUXAgjZPRvbcCcWeSVVPELDLz536QQI9t7nwIzoDO9vLFNb1Q1GDcEC2AbD_9oIiztzhZZ2nErzQWS_UEC5P_0AFuqnCNn6Q0U6t-3TkvJIKK_SxlBlZRjORrGnWA8tL9wMMmiPl5bO7vffFSFKhWV2OiY2tB7965ij6S8edsJtbixt8nqOLtsVcbCEOgROAX0bR5OWYOdlPuMhyxAOPviyzUfUc491-cNlvOXd9x3ay50RTgvE5_WtCgI48GVMbZJPSb90nvz_LMTGf0dsNqdcZdgLYJN5UlOcdvl3IxfqOL34nWoWALgGpeSFMX2nO1eskcrtsG9BB4AvUUvpiTvdOicsYrDJTq6FntwyxB1qagndlHjywtzQhNGPZ8DzR5RtQvem2Ys__C-7fl4_suO-Ah369A_iDS4Acg58OupkEFF-5DkLb_k9rQBhP3RI0DpxeRZgimMPt6bP2uCiFez9JZht0X82j6wwYTbYNA1qgrMG1repBRIBksZmbSJqjwWRWYIdw3QuJ1e0dBhPtf_Jfte03C6Ws_EdiknuqtsmrfATgvza_Iu0mxkfs1p8CHLcNFvVvj_4yC6E1DC0eWXfzOMhADSFdO94ArIXJhv_PlcQCo_2yO_USYUqfx2o28PNNG4zSRVCeBEanhujfevByeFiHA&state=xJqCnA2_MPmGbwSJT2zh9RB5t_Z4MExpqqY_AqkUqlY%3d&session_state=643fa864-84dd-48b9-a038-1ea9e85285cf':
org.apache.catalina.connector.RequestFacade@756132b9
servletPath:/login/oauth2/code/
pathInfo:null
headers:
host: localhost:9090
connection: keep-alive
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
accept-encoding: gzip, deflate, br, zstd
accept-language: de
cookie: JSESSIONID=9AD9F31D92E5B548B3602DE0C156CBFB
Security filter chain: [
DisableEncodeUrlFilter
WebAsyncManagerIntegrationFilter
SecurityContextHolderFilter
HeaderWriterFilter
CorsFilter
CsrfFilter
LogoutFilter
OAuth2AuthorizationRequestRedirectFilter
OAuth2LoginAuthenticationFilter
DefaultLoginPageGeneratingFilter
DefaultLogoutPageGeneratingFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
ExceptionTranslationFilter
AuthorizationFilter
************************************************************
2024-04-11T18:40:18.903+02:00 DEBUG 14279 --- [nio-9090-exec-1] o.s.security.web.FilterChainProxy : Securing GET /login/oauth2/code/?code=0.AV0Adk5fEnkocEiAkK_a_cEekMjTqkDNOhPn-U8wfHgBXhdAAA.AgABBAIAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P_D79peGnJLfXUI10oRoffIWnMsYJ-f7ceICDbBB2SodFFxM_bRVV5DTQ7D7FfVBUSPnrjUfmrO7JeoxwaDfzLtc4E4NDbeZWsjmWbnSRVUXAgjZPRvbcCcWeSVVPELDLz536QQI9t7nwIzoDO9vLFNb1Q1GDcEC2AbD_9oIiztzhZZ2nErzQWS_UEC5P_0AFuqnCNn6Q0U6t-3TkvJIKK_SxlBlZRjORrGnWA8tL9wMMmiPl5bO7vffFSFKhWV2OiY2tB7965ij6S8edsJtbixt8nqOLtsVcbCEOgROAX0bR5OWYOdlPuMhyxAOPviyzUfUc491-cNlvOXd9x3ay50RTgvE5_WtCgI48GVMbZJPSb90nvz_LMTGf0dsNqdcZdgLYJN5UlOcdvl3IxfqOL34nWoWALgGpeSFMX2nO1eskcrtsG9BB4AvUUvpiTvdOicsYrDJTq6FntwyxB1qagndlHjywtzQhNGPZ8DzR5RtQvem2Ys__C-7fl4_suO-Ah369A_iDS4Acg58OupkEFF-5DkLb_k9rQBhP3RI0DpxeRZgimMPt6bP2uCiFez9JZht0X82j6wwYTbYNA1qgrMG1repBRIBksZmbSJqjwWRWYIdw3QuJ1e0dBhPtf_Jfte03C6Ws_EdiknuqtsmrfATgvza_Iu0mxkfs1p8CHLcNFvVvj_4yC6E1DC0eWXfzOMhADSFdO94ArIXJhv_PlcQCo_2yO_USYUqfx2o28PNNG4zSRVCeBEanhujfevByeFiHA&state=xJqCnA2_MPmGbwSJT2zh9RB5t_Z4MExpqqY_AqkUqlY%3d&session_state=643fa864-84dd-48b9-a038-1ea9e85285cf
2024-04-11T18:40:18.903+02:00 DEBUG 14279 --- [nio-9090-exec-1] o.s.web.client.RestTemplate : HTTP POST https://login.microsoftonline.com/125f4e76-2879-4870-8090-afdafdc11e92/oauth2/v2.0/token
2024-04-11T18:40:18.904+02:00 DEBUG 14279 --- [nio-9090-exec-1] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json]
2024-04-11T18:40:18.904+02:00 DEBUG 14279 --- [nio-9090-exec-1] o.s.web.client.RestTemplate : Writing [{grant_type=[authorization_code], code=[0.AV0Adk5fEnkocEiAkK_a_cEekMjTqkDNOhPn-U8wfHgBXhdAAA.AgABBAIAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P_D79peGnJLfXUI10oRoffIWnMsYJ-f7ceICDbBB2SodFFxM_bRVV5DTQ7D7FfVBUSPnrjUfmrO7JeoxwaDfzLtc4E4NDbeZWsjmWbnSRVUXAgjZPRvbcCcWeSVVPELDLz536QQI9t7nwIzoDO9vLFNb1Q1GDcEC2AbD_9oIiztzhZZ2nErzQWS_UEC5P_0AFuqnCNn6Q0U6t-3TkvJIKK_SxlBlZRjORrGnWA8tL9wMMmiPl5bO7vffFSFKhWV2OiY2tB7965ij6S8edsJtbixt8nqOLtsVcbCEOgROAX0bR5OWYOdlPuMhyxAOPviyzUfUc491-cNlvOXd9x3ay50RTgvE5_WtCgI48GVMbZJPSb90nvz_LMTGf0dsNqdcZdgLYJN5UlOcdvl3IxfqOL34nWoWALgGpeSFMX2nO1eskcrtsG9BB4AvUUvpiTvdOicsYrDJTq6FntwyxB1qagndlHjywtzQhNGPZ8DzR5RtQvem2Ys__C-7fl4_suO-Ah369A_iDS4Acg58OupkEFF-5DkLb_k9rQBhP3RI0DpxeRZgimMPt6bP2uCiFez9JZht0X82j6wwYTbYNA1qgrMG1repBRIBksZmbSJqjwWRWYIdw3QuJ1e0dBhPtf_Jfte03C6Ws_EdiknuqtsmrfATgvza_Iu0mxkfs1p8CHLcNFvVvj_4yC6E1DC0eWXfzOMhADSFdO94ArIXJhv_PlcQCo_2yO_USYUqfx2o28PNNG4zSRVCeBEanhujfevByeFiHA], redirect_uri=[http://localhost:9090/login/oauth2/code/], scope=[openid profile offline_access]}] as "application/x-www-form-urlencoded;charset=UTF-8"
2024-04-11T18:40:19.315+02:00 DEBUG 14279 --- [nio-9090-exec-1] o.s.web.client.RestTemplate : Response 200 OK
2024-04-11T18:40:19.315+02:00 DEBUG 14279 --- [nio-9090-exec-1] o.s.web.client.RestTemplate : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=utf-8"
2024-04-11T18:40:19.319+02:00 ERROR 14279 --- [nio-9090-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
at org.springframework.web.context.request.RequestContextHolder.currentRequestAttributes(RequestContextHolder.java:131) ~[spring-web-6.1.5.jar:6.1.5]
at com.azure.spring.cloud.autoconfigure.implementation.aad.security.AadOAuth2UserService.loadUser(AadOAuth2UserService.java:114) ~[spring-cloud-azure-autoconfigure-5.11.0.jar:5.11.0]
at com.azure.spring.cloud.autoconfigure.implementation.aad.security.AadOAuth2UserService.loadUser(AadOAuth2UserService.java:49) ~[spring-cloud-azure-autoconfigure-5.11.0.jar:5.11.0]
at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.authenticate(OidcAuthorizationCodeAuthenticationProvider.java:158) ~[spring-security-oauth2-client-6.2.3.jar:6.2.3]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-6.2.3.jar:6.2.3]
at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:196) ~[spring-security-oauth2-client-6.2.3.jar:6.2.3]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:231) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.2.3.jar:6.2.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:78) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:67) ~[spring-security-web-6.2.3.jar:6.2.3]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) ~[spring-webmvc-6.1.5.jar:6.1.5]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230) ~[spring-security-config-6.2.3.jar:6.2.3]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.1.5.jar:6.1.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.5.jar:6.1.5]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.5.jar:6.1.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
2024-04-11T18:40:19.321+02:00 INFO 14279 --- [nio-9090-exec-1] Spring Security Debugger :
************************************************************
Request received for GET '/error?code=0.AV0Adk5fEn
solve it , problem was inside anoter config file (MvcConfiguration)
Just commet it out temporary)
MvcConfiguration implements WebMvcConfigurer
