一尘不染

Spring OAuth redirect_uri不使用https

spring-boot

我有一个包含Spring Security OAuth的Spring Boot 1.3.0应用程序,作为一种SSO集成。

问题在于,该应用程序在非SSL环境中运行,并且负载平衡器(F5)后面有一个非标准端口,该端口强制SSL,OAuth提供程序要求所有重定向URL都注册为https,但是Spring
OAuth客户端(自动(使用@EnableOAuthSso配置)将仅重定向到具有以下URL的OAuth提供程序…

https:// [provider_host] / oauth / authorize?client_id = [redact]
&redirect_uri
= http:// [application_host] /
login
&response_type = code&scope =
[redact]&state = IpMYTe

请注意,返回的redirect_uri生成为http。即使F5会在返回途中将其强制为https,我们的OAuth提供程序也将不允许非SSL重定向URI。我该如何配置?

除了我的Spring Data JPA控制器外,这就是整个应用程序。

AppConfig.java

@SpringBootApplication(exclude = { HibernateJpaAutoConfiguration.class })
@EnableJpaRepositories
public class AppConfig extends SpringBootServletInitializer {

    public static void main(final String... args) {
        SpringApplication.run(AppConfig.class, args);
    }

    @Autowired
    public DataSource dataSource;

    @Bean(name = "entityManagerFactory")
    public LocalContainerEntityManagerFactoryBean getEntityManagerFactoryInfo() {
        final LocalContainerEntityManagerFactoryBean fac = new LocalContainerEntityManagerFactoryBean();
        fac.setDataSource(dataSource);
        fac.setJpaVendorAdapter(new HibernateJpaVendorAdapter());
        fac.setPackagesToScan("[redact]");

        final Properties props = new Properties();
        props.put("hibernate.dialect", "org.hibernate.dialect.SQLServerDialect");
        props.put("hibernate.show_sql", "true");
        props.put("hibernate.format_sql", "true");
        fac.setJpaProperties(props);

        return fac;
    }

    @Bean(name = "transactionManager")
    public PlatformTransactionManager getTransactionManager() {
        final JpaTransactionManager transactMngr = new JpaTransactionManager();
        transactMngr.setEntityManagerFactory(getEntityManagerFactoryInfo().getObject());
        return transactMngr;
    }

}

SecurityConfig.java

@Configuration
@EnableOAuth2Sso
public class SecurityConfig {

}

application.properties

server.port=9916
server.contextPath=

server.use-forward-headers=true

security.oauth2.client.clientId=[redact]
security.oauth2.client.clientSecret=[redact]
security.oauth2.client.scope=[redact]
security.oauth2.client.accessTokenUri=https://[provider_host]/oauth/token
security.oauth2.client.userAuthorizationUri=https://[provider_host]/oauth/authorize
security.oauth2.resource.userInfoUri=https://[provider_host]/oauth/me
security.oauth2.resource.preferTokenInfo=false

logging.level.org.springframework=TRACE

阅读 602

收藏
2020-05-30

共1个答案

一尘不染

在手动浏览配置类之后,我能够找到并添加以下内容,从而达到了目的…

security.oauth2.client.pre-established-redirect-uri=https://[application_host]/login
security.oauth2.client.registered-redirect-uri=https://[application_host]/login
security.oauth2.client.use-current-uri=false

我不认为没有更好的方法来解决强制HTTPS重定向URL的问题,但是此修复程序对我有用。

2020-05-30