I have implemented authorization_code grant flow which works fine when my Auth Server is run locally.
A client is getting redirected to the auth server login page through the `/oauth/authorize` end point. On successful login it is getting redirected to the `redirect_uri` provided in the `/oauth/authorize` call, where it is getting the `authorization_code`. Very well.
The problem is when the Auth Server is put behind a proxy: the last step, where after successful login the client is supposed to get the `authorization_code` on the redirected resource, is not working at all. It is always getting redirected to the Auth Server's root.
To handle this I created a `UsernamePasswordAuthenticationFilter` where I configured the `AuthenticationSuccessHandler` as below:
```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Success handler that redirects back to the request saved before login
// (the original /oauth/authorize call), falling back to the Referer header.
@Bean
public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
    SavedRequestAwareAuthenticationSuccessHandler savedSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    savedSuccessHandler.setUseReferer(true);
    return savedSuccessHandler;
}

@Bean
public UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter() throws Exception {
    UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter = new UsernamePasswordAuthenticationFilter();
    // authenticationManager() is inherited from WebSecurityConfigurerAdapter
    usernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManager());
    usernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(successRedirectHandler());
    return usernamePasswordAuthenticationFilter;
}
```
I also did some configuration at proxy level as suggested here.

```apache
<VirtualHost *:443>
    ServerName my.domain.com
    ProxyPass / http://127.0.0.1:8080/
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Port 443
    ProxyPreserveHost On
</VirtualHost>
```
And added the below to my `application.properties`:

```properties
server.use-forward-headers=true
```
But none of the above worked. I tried some other options as well, but I guess they are not worth mentioning here.
I can't figure out whether something is getting missed or whether there is some misconfiguration.
Update: On successful login the redirection is not happening to `/oauth/authorize` itself, but in case of login failure it is getting redirected to the login page with `/login?error`.
Also, it is running locally on Tomcat but on Wildfly behind the proxy. I debugged it and found that there is a class in Tomcat, `org.apache.coyote.http11.AbstractHttp11Processor`, which maintains a `RequestInfo` object holding the original `/oauth/authorize` request with all the parameters. When debugged over Wildfly no such object could be found. I am sharing the below for reference. I guess now it is more related to the server than the proxy.
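An added illustration, not code from the question or from Spring, of what the `X-Forwarded-Proto` and `X-Forwarded-Port` headers in the vhost above are meant to convey: a simplified model (an assumption, not Tomcat's or Wildfly's exact logic) of how the backend reconstructs the public URL of the saved `/oauth/authorize` request with and without honoring forwarded headers, which is what `server.use-forward-headers` is supposed to enable. The request, `client_id` and `redirect_uri` are constructed, and forwarded headers are trusted only from loopback peers, the proxy address in the question, since any other peer could spoof them and steer the post-login redirect elsewhere.

```python
"""Reconstruct the public URL of a proxied request from X-Forwarded-* headers."""
from ipaddress import ip_address, ip_network
from urllib.parse import urlencode

# Constructed: the vhost in the question forwards to 127.0.0.1:8080, so only
# loopback peers are trusted to set forwarded headers.
TRUSTED_PROXIES = [ip_network("127.0.0.0/8")]
DEFAULT_PORTS = {"http": 80, "https": 443}


def public_url(req: dict, honor_forwarded: bool) -> str:
    """req is a simplified model of what the backend sees: peer IP, socket
    scheme/port, Host header, path, query and any X-Forwarded-* headers."""
    headers = {k.lower(): v for k, v in req["headers"].items()}
    scheme = req["scheme"]  # scheme of the backend socket, plain http here
    host = headers.get("host", req["local_addr"]).split(":")[0]
    port = req["local_port"]
    if ":" in headers.get("host", ""):
        port = int(headers["host"].rsplit(":", 1)[1])
    trusted = any(ip_address(req["peer"]) in net for net in TRUSTED_PROXIES)
    if honor_forwarded and trusted:
        # Only a trusted proxy may override scheme, host and port.
        scheme = headers.get("x-forwarded-proto", scheme)
        host = headers.get("x-forwarded-host", host).split(":")[0]
        port = int(headers.get("x-forwarded-port", DEFAULT_PORTS.get(scheme, port)))
    authority = host if port == DEFAULT_PORTS.get(scheme) else f"{host}:{port}"
    query = f"?{urlencode(req['query'])}" if req["query"] else ""
    return f"{scheme}://{authority}{req['path']}{query}"


# Constructed sample: the /oauth/authorize request as it reaches the backend
# through the Apache vhost (ProxyPreserveHost keeps the original Host header).
AUTHORIZE_REQUEST = {
    "peer": "127.0.0.1", "scheme": "http",
    "local_addr": "127.0.0.1", "local_port": 8080,
    "headers": {"Host": "my.domain.com",
                "X-Forwarded-Proto": "https", "X-Forwarded-Port": "443"},
    "path": "/oauth/authorize",
    "query": {"response_type": "code", "client_id": "demo-client",
              "redirect_uri": "https://client.example/cb"},
}

if __name__ == "__main__":
    print(public_url(AUTHORIZE_REQUEST, honor_forwarded=False))  # http://my.domain.com:8080/...
    print(public_url(AUTHORIZE_REQUEST, honor_forwarded=True))   # https://my.domain.com/...
```

The first URL is what a saved request would redirect back to if the backend ignores the forwarded headers; the second is the URL the browser actually used.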
With the original problem still remaining a mystery, I got the implementation finally working (not a proper solution though). Below is the complete setup.
I tried packaging and running the application as a jar but then faced issues with loading JSPs. For this some solutions suggested placing all the JSPs under the `/src/main/resources/META-INF/resources/WEB-INF/jsp` folder. But in my case I couldn't get it working. As a solution, instead of packaging the application as a jar I packaged it as a WAR with the JSPs in their default location and ran it as a jar with embedded Apache Tomcat version 8.5.27 (Spring Boot 1.5.10.RELEASE). For running JSPs over Tomcat the below was added in the pom file.
Note: Some solutions I came across suggested `<scope>` to be valued `provided`. In my case it worked without it. I am explicitly mentioning it as commented below. I hope this is helpful in case someone stumbles upon the same problem. Any answers/comments are welcome.