You should not deny access for the login page when the user is logged in, because a 403 forbidden will redirect automatically to login page because it request the user to login.
Better you write a service that checks every request. When it matches login request you need to check if the user is authenticated and redirect him to index page instead to the requested login page.