
I have enabled Spring Security 5 OAuth2 login (authorization code grant type) in my UI application.

The base or context uri of UI application is "/" and the redirect URI is "BASE_URI/welcome/"

When I configure the redirect URI template as "https://<host>:<port>/welcome/login/oauth2/code/myAuthProvider", it fails with an invalid redirect URI error.

This error is coming because spring security is trying to find "/welcome/login/oauth2/code/myAuthProvider" instead of "/login/oauth2/code/myAuthProvider"

The documentation below explains how to change the default redirect URI. However, I need a way to tell Spring Security to ignore "/welcome/" in the redirection endpoint. Please suggest an approach, or correct me if my understanding is wrong.

https://docs.spring.io/spring-security/site/docs/5.0.7.RELEASE/reference/html/oauth2login-advanced.html#oauth2login-advanced-redirection-endpoint

application.yml

# Spring Boot OAuth2 client settings for the "myAuthProvider" registration
# (authorization-code grant), as posted in the question.
spring:
  application:
    name: My Client Application
  main:
    # NOTE(review): with overriding allowed, a later bean definition with the
    # same name silently replaces an earlier one, which can hide an
    # accidentally replaced security bean; confirm this is really needed.
    allow-bean-definition-overriding: true
  security:
    oauth2:
      client:
        provider:
          myAuthProvider:
            token-uri: https://someserver.com/as/token.oauth2
            authorization-uri: https://someserver.com/as/authorization.oauth2
        registration:
          myAuthProvider:
            client-name: myAuthProvider
            client-id: ABCID
            # Placeholder value. A real client secret should not be committed
            # in application.yml; supply it from the environment or a secret
            # store, e.g. ${MY_AUTH_PROVIDER_CLIENT_SECRET} (constructed name).
            client-secret: XYZSECRET
            # "basic": the client credentials are sent to the token endpoint
            # in an HTTP Basic Authorization header.
            client-authentication-method: basic
            authorization-grant-type: authorization_code
            # Absolute callback URL sent to the provider. It has to equal a
            # redirect URI registered there exactly, and its path has to be one
            # the application's OAuth2 redirection endpoint actually processes
            # (the Spring Security default is /login/oauth2/code/*).
            redirect-uri: https://localhost:8080/welcome/login/oauth2/code/myAuthProvider

WebClient as

/**
 * Declares the {@link WebClient} used for outbound calls that carry an OAuth2
 * access token from the {@code myAuthProvider} client registration.
 */
@Configuration
public class WebClientConfig {

    /**
     * Builds a WebClient with the servlet OAuth2 exchange filter applied.
     *
     * <p>Both defaults are enabled on the filter, so an access token is attached
     * to every request sent through this client unless a request overrides it.
     * Use this bean only for calls to the resource server the token is meant
     * for; sending it to another host would disclose the token to that host.
     *
     * @param clientRegistrations repository holding the configured client registrations
     * @param authorizedClients   repository holding the authorized clients
     * @return a WebClient with the OAuth2 configuration applied
     */
    @Bean
    WebClient authProviderWebClient(ClientRegistrationRepository clientRegistrations,
                                    OAuth2AuthorizedClientRepository authorizedClients) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction tokenFilter =
                new ServletOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrations, authorizedClients);
        // Fall back to the "myAuthProvider" registration when a request names none.
        tokenFilter.setDefaultClientRegistrationId("myAuthProvider");
        // Use the currently authenticated user's authorized client by default.
        tokenFilter.setDefaultOAuth2AuthorizedClient(true);

        WebClient.Builder builder = WebClient.builder();
        builder.apply(tokenFilter.oauth2Configuration());
        return builder.build();
    }
}

WebSecurityConfig as

/**
 * Web security setup from the question: every request requires an authenticated
 * user and sign-in is delegated to OAuth2 login with its default endpoints.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures the HTTP security chain.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off. For a browser-facing UI
        // that (presumably) keeps the login in the HTTP session, state-changing
        // endpoints are then open to cross-site request forgery; keep the
        // protection enabled unless there is a documented reason not to.
        http.csrf().disable();

        // No path is exempt: unauthenticated requests are sent to the login flow.
        http.authorizeRequests()
            .anyRequest().authenticated();

        // redirectionEndpoint() is not customised, so the authorization response
        // is only processed at the default /login/oauth2/code/* path.
        http.oauth2Login();
    }
}

controller as

// MVC controller for the UI's landing page. "/welcome" is this controller's
// request-mapping prefix; the question states the application's context path
// is "/", so "/welcome" is not part of the base URL that OAuth2 redirect URIs
// are built from.
@Controller @RequestMapping("/welcome") public class WelcomeController {

// View name returned by homePage().
private static final String WELCOME_PAGE = "welcome";

// Handles GET on the class prefix plus "/", i.e. /welcome/.
@GetMapping("/")
public String homePage() {
    // Body elided in the original post.
    ....
    return WELCOME_PAGE;
}

}

user2800089

1 Answer


application.yml

# Registration entry from the answer; presumably still nested under
# spring.security.oauth2.client.registration as in the question (the nesting
# is not shown here).
myAuthProvider:
    client-name: myAuthProvider
    client-id: ABCID
    # Placeholder value. Keep the real client secret out of version control and
    # inject it from the environment or a secret store.
    client-secret: XYZSECRET
    client-authentication-method: basic
    authorization-grant-type: authorization_code
    # {baseUrl} and {registrationId} are template variables that Spring Security
    # expands per request. The expanded value must equal a redirect URI
    # registered at the provider; behind a reverse proxy that depends on the
    # forwarded headers being handled correctly. The path here uses
    # /welcome/login/oauth2/code/..., so the redirection endpoint's baseUri in
    # the security configuration has to cover that same path.
    redirect-uri: "{baseUrl}/welcome/login/oauth2/code/{registrationId}"

WebSecurityConfig.class

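/**
 * Security configuration from the answer: every request requires an
 * authenticated user, and the OAuth2 redirection endpoint is moved under
 * {@code /welcome} so that it matches the redirect URI registered for the client.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures the HTTP security chain and the OAuth2 redirection endpoint.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off, as in the question. For
        // a browser-facing UI this leaves state-changing endpoints open to
        // cross-site request forgery; keep it enabled unless there is a
        // documented reason not to.
        http.csrf().disable()
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .oauth2Login()
                // The pattern must cover the path of the registration's
                // redirect-uri ({baseUrl}/welcome/login/oauth2/code/{registrationId}).
                // The posted ".../callback/*" pattern did not, so the
                // authorization response would never have been processed.
                .redirectionEndpoint().baseUri("/welcome/login/oauth2/code/*");
    }
}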
Vladimir
  • can you please look at my question. https://stackoverflow.com/questions/72578781/soap-web-service-is-sending-response-even-when-the-request-does-not-have-okta-to – M S Kulkarni Jun 12 '22 at 02:52