问题
I have implemented authorization_code grant flow which works fine when my Auth Server is run locally.
A client is getting redirected to auth server login page through
/oauth/authorizeend point.On successful login it is getting redirected to the
redirect_uriprovided in the/oauth/authorizecall where it is getting theauthorization_code.
Very well.
The problem is when the Auth Server is put behind proxy the last step where after successful login client is supposed to get the authorization_code on redirected resource is not working at all. It is always getting redirected to Auth Server's root.
To handle this I created a UsernamePasswordAuthenticationFilter where I configured AuthenticationSuccessHandler as below
@Bean
public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
SavedRequestAwareAuthenticationSuccessHandler savedSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
savedSuccessHandler.setUseReferer(true);
return savedSuccessHandler;
}
@Bean
public UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter() throws Exception
{
UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter = new UsernamePasswordAuthenticationFilter();
usernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManager());
usernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(successRedirectHandler());
return usernamePasswordAuthenticationFilter;
}
I also did some configurations at proxy level as suggested here.
<VirtualHost *:443>
ServerName my.domain.com
ProxyPass / http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
ProxyPreserveHost On
</VirtualHost>
And adding below to my application.properties
server.use-forward-headers=true
But none of the above worked. I tried some other options as well but I guess they are not worth mentioning here.
I can't figure out if something is getting missed or some misconfiguration.
Update: On successful login redirection is not happening to /ouath/authorize itself but in case of login failure it is getting redirected to login page with /login?error
Also, it is running locally on Tomcat but on Wildfly behind proxy. I debugged it and found that there is a library in Tomcat : org.apache.coyote.http11.AbstractHttp11Processor which maintains a RequestInfo object holding the original /oauth/authorize request with all the parameters. When debugged over Wildfly no such object could be found. I am sharing the below for reference. I guess now it is more related to server than proxy.
Debugging on tomcat
回答1:
With the original problem still remaining a mystery I got the implementation finally working (not a proper solution though). Below is the complete setup
I tried packaging and running application as a jar but then faced issues with loading JSPs. For this some solutions suggested to place all the JSPs under
/src/main/resources/META-INF/resources/WEB-INF/jspfolder. But in my case I couldn't get it working. As a solution instead of packaging the application as a jar I packaged it as a WAR with JSPs in their default and ran it as a jar with embedded Apache Tomcat versioned 8.5.27 (Spring Boot 1.5.10.RELEASE)For running JSPs over Tomcat below was added in the pom file
Note : Some solutions I came across suggested <scope> to be valued provided. In my case it worked without it. Explicitly mentioning it as commented below.
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<!--<scope>provided</scope>-->
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<!--<scope>provided</scope>-->
</dependency>
I hope this is helpful in case someone stumbles upon the same problem. Any answers/comments are welcome.
来源:https://stackoverflow.com/questions/57273179/authorization-code-grant-redirection-issue