Spring Boot OAuth2 Authentication Redirect Loop with Custom Authorization Server
I've been banging my head against this for hours. I've looked through the documentation and I'm still confused about After trying multiple solutions online, I still can't figure this out. I'm sure I'm missing something obvious here, but I'm testing a new approach and I'm working with a scenario with OAuth2 authentication in my Spring Boot application where after successful login, the app goes into a redirect loop.

I am using Spring Security 5.5.2 and have set up a custom authorization server using Spring Authorization Server. The flow works correctly up to the point where the user is redirected back to the application after granting access, but instead of loading the dashboard, it keeps redirecting to the login page with the following behavior in the logs:

```
behavior 12345 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Invoking exception translator
org.springframework.security.access.AccessDeniedException: Access is denied
```

I've checked my security configurations and they seem fine. Here's a snippet of my `SecurityConfig`:

```java
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // The login page and OAuth2 endpoints are open to everyone
                .antMatchers("/login", "/oauth2/**").permitAll()
                // Everything else requires an authenticated user
                .anyRequest().authenticated()
                .and()
                .oauth2Login();
    }
}
```

Additionally, I've implemented a custom `OAuth2AuthenticationSuccessHandler` to handle successful logins, but it seems that the redirect URL is not being set correctly.
Here's how I've set it up:

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class CustomOAuth2SuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws IOException {
        // Custom redirect logic here
        response.sendRedirect("/dashboard");
    }
}
```

However, when I debug, I see that the `onAuthenticationSuccess` method is called, but then it redirects back to `/login` instead of going to `/dashboard`. I suspect that the session or token is not being saved correctly. I have also ensured that the redirect URI is correctly registered in the authorization server and matches what the client requests.

Can anyone point me in the right direction? What could cause this redirect loop and how can I debug it further? My team is using Java for this mobile app. Any pointers in the right direction? Am I missing something obvious? I've been using Java for about a year now. I'm developing on Windows 10 with Java.
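One way to test the suspicion that the session is not surviving the redirect to `/dashboard`, shown as an added example that is not code from the original post. The class name `SessionTraceFilter` and its registration point are assumptions; it targets the `javax.servlet` API used by Spring Security 5.5.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical diagnostic filter, not part of the original post. Register it in
// SecurityConfig.configure() so it runs once the stored context has been loaded:
//   http.addFilterAfter(new SessionTraceFilter(), SecurityContextPersistenceFilter.class);
public class SessionTraceFilter extends OncePerRequestFilter {

    private static final Logger log = LoggerFactory.getLogger(SessionTraceFilter.class);

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        // Session id the browser sent (cookie or URL); null means no session cookie arrived.
        String sent = request.getRequestedSessionId();
        boolean valid = request.isRequestedSessionIdValid();
        // Authentication restored from the session; null means nothing was stored.
        Authentication restored = SecurityContextHolder.getContext().getAuthentication();
        try {
            chain.doFilter(request, response);
        } finally {
            log.info("{} {} -> {} location={} sentSession={} valid={} restoredAuth={}",
                    request.getMethod(), request.getRequestURI(), response.getStatus(),
                    response.getHeader("Location"), shorten(sent), valid, describe(restored));
        }
    }

    // Log only a prefix: a full session id in a log file is a usable credential.
    private static String shorten(String sessionId) {
        if (sessionId == null) {
            return "none";
        }
        return sessionId.substring(0, Math.min(6, sessionId.length())) + "...";
    }

    private static String describe(Authentication auth) {
        if (auth == null) {
            return "none";
        }
        return auth.getClass().getSimpleName() + "(" + auth.getName() + ")";
    }
}
```

If the `/dashboard` request logs `sentSession=none`, `valid=false` or `restoredAuth=none`, the authentication stored at login did not reach that request, so the user is treated as anonymous and sent back to `/login`. If `restoredAuth` shows the logged-in user, the denial comes from the authorization rules rather than from a lost session.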