Spring Boot with Spring Security as deployable war results in redirect loop

[mdeinum]

I'm migrating a JSP based application to Spring Boot, for the moment I'm tied to JSP but I'm planning to move to Thymeleaf. However in the meantime I need JSPs to work and I also need Spring Security (basic auth) to work.

When creating an executable jar and run the application, navigating to the URL nicely prompts me with a login box. Supplying credentials is resulting in a login to the application and shows me the default error page. Because JSP doesn't work in a jar file.

The jar is now packaged as a war which can be deployed on Tomcat, however when doing so navigating to the URL leads to a redirect loop to /error instead of prompting me with a login box.

An executable war seems to work but I need it to be a deployable war for now (or at least have that as an option!).

[dsyer]

I doubt if that is anything to do with JSPs. It's not a redirect loop involving the client (browser) though, am I right? It's a stackoverflow internally with the ErrorPageFilter?

[mdeinum]

Indeed it isn't related to JSP but more likely the setup. I don't get a stackoverflow (maybe I should let it run longer for that). But when killing tomcat I get a nice stack with a repeating ErrorPageFilter.doFilter.

org.springframework.boot.context.web.ErrorPageFilter.handleErrorStatus(ErrorPageFilter.java:123)
org.springframework.boot.context.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:104)
org.springframework.boot.context.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:89)

Is the pattern that keeps repeating.

[dsyer]

OK I see the same thing then. I'm not even sure it's security-related, but adding security is an easy way to generate an error state (401 response).