I have a Spring Boot 1.3.0 application with Spring Security OAuth included as a sort of SSO integration.
The problem is that the application is running in a non-SSL environment with a non-standard port behind a load balancer (F5) that forces SSL, and the OAuth provider requires all redirect URLs be registered as https, but the Spring OAuth client (auto-configured with @EnableOAuth2Sso) will only redirect to the OAuth provider with the following URL...
https://[provider_host]/oauth/authorize?client_id=[redact]&redirect_uri=http://[application_host]/login&response_type=code&scope=[redact]&state=IpMYTe
Note that the return redirect_uri is generated as http. Even though the F5 will force it to https on the way back, our OAuth provider will not allow a non-SSL redirect URI. How can I configure this?
With the exception of my Spring Data JPA controllers, this is the entirety of the app...
```java
@SpringBootApplication(exclude = { HibernateJpaAutoConfiguration.class })
@EnableJpaRepositories
public class AppConfig extends SpringBootServletInitializer {

    public static void main(final String... args) {
        SpringApplication.run(AppConfig.class, args);
    }

    @Autowired
    public DataSource dataSource;

    @Bean(name = "entityManagerFactory")
    public LocalContainerEntityManagerFactoryBean getEntityManagerFactoryInfo() {
        final LocalContainerEntityManagerFactoryBean fac = new LocalContainerEntityManagerFactoryBean();
        fac.setDataSource(dataSource);
        fac.setJpaVendorAdapter(new HibernateJpaVendorAdapter());
        fac.setPackagesToScan("[redact]");

        final Properties props = new Properties();
        props.put("hibernate.dialect", "org.hibernate.dialect.SQLServerDialect");
        props.put("hibernate.show_sql", "true");
        props.put("hibernate.format_sql", "true");
        fac.setJpaProperties(props);

        return fac;
    }

    @Bean(name = "transactionManager")
    public PlatformTransactionManager getTransactionManager() {
        final JpaTransactionManager transactMngr = new JpaTransactionManager();
        transactMngr.setEntityManagerFactory(getEntityManagerFactoryInfo().getObject());
        return transactMngr;
    }
}
```

```java
@Configuration
@EnableOAuth2Sso
public class SecurityConfig {
}
```

```properties
server.port=9916
server.contextPath=
server.use-forward-headers=true
security.oauth2.client.clientId=[redact]
security.oauth2.client.clientSecret=[redact]
security.oauth2.client.scope=[redact]
security.oauth2.client.accessTokenUri=https://[provider_host]/oauth/token
security.oauth2.client.userAuthorizationUri=https://[provider_host]/oauth/authorize
security.oauth2.resource.userInfoUri=https://[provider_host]/oauth/me
security.oauth2.resource.preferTokenInfo=false
logging.level.org.springframework=TRACE
```
A redirect URI, or reply URL, is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.
In Spring Boot, authorization can be handled with OAuth 2.0, which makes it straightforward to authorize the interaction between two services. The main purpose of OAuth 2.0 is to authorize two services on behalf of the user who has access to the resource.
redirect_uri. Required. Determines where the API server redirects the user after the user completes the authorization flow. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client, which you configured in your client's API Console Credentials page.
After the Spring Security OAuth project was deprecated, there was a lot of confusion in the community. You could use Spring Security to write the resource server but not the authorization server.
After digging manually through the configuration classes I was able to find and add the following, which did the trick...
```properties
security.oauth2.client.pre-established-redirect-uri=https://[application_host]/login
security.oauth2.client.registered-redirect-uri=https://[application_host]/login
security.oauth2.client.use-current-uri=false
```
I'm not convinced there isn't a better way to solve the problem of forcing a HTTPS redirect URL, but this fix worked for me.
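The following is an added example, not code from the original post or from Spring: a plain-JDK model of why a callback URL derived from the current request fails the provider's exact-match check behind a TLS-terminating proxy, while a pinned value does not. The host `app.example.com`, the helper names and the simplified `X-Forwarded-*` handling are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

public class RedirectUriDemo {
    // Constructed value: app.example.com stands in for [application_host].
    static final String REGISTERED = "https://app.example.com/login";

    /** Hypothetical helper: rebuild the callback URL from the current request. */
    static String currentUri(String scheme, String host, int port, String path,
                             Map<String, String> headers, boolean useForwardHeaders) {
        String proto = headers.get("X-Forwarded-Proto");
        if (useForwardHeaders && proto != null) {
            scheme = proto; // the proxy's view of the scheme replaces the container's
            String fwdPort = headers.get("X-Forwarded-Port");
            port = fwdPort != null ? Integer.parseInt(fwdPort)
                                   : ("https".equals(proto) ? 443 : 80);
        }
        boolean defaultPort = ("https".equals(scheme) && port == 443)
                || ("http".equals(scheme) && port == 80);
        return scheme + "://" + host + (defaultPort ? "" : ":" + port) + path;
    }

    /** Provider side: redirect_uri must equal the registered value exactly. */
    static boolean providerAccepts(String redirectUri) {
        return REGISTERED.equals(redirectUri);
    }

    static void report(String label, String uri) {
        System.out.printf("%-32s %-32s %s%n", label, uri,
                providerAccepts(uri) ? "accepted" : "rejected");
    }

    public static void main(String[] args) {
        Map<String, String> none = Collections.emptyMap();
        Map<String, String> fromProxy = new HashMap<>();
        fromProxy.put("X-Forwarded-Proto", "https");
        String host = "app.example.com";

        // Behind the proxy the container itself only ever sees plain http.
        report("forward headers ignored",
                currentUri("http", host, 80, "/login", fromProxy, false));
        report("honoured, proxy sends header",
                currentUri("http", host, 80, "/login", fromProxy, true));
        report("honoured, header never arrives",
                currentUri("http", host, 80, "/login", none, true));
        // Models use-current-uri=false: the configured value is sent unchanged.
        report("pinned redirect URI", REGISTERED);
    }
}
```

Only the second and fourth cases pass the exact-match check, and the second depends on the proxy setting `X-Forwarded-Proto` on every request; the pinned value does not depend on request headers at all.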