oauth2 Nginx proxy problem (https->http)


  • When I recently deployed user authentication to the production environment, login stopped working. Everything was normal in the local development environment, but on the server authentication failed. Reviewing the log showed that the OAuth2 redirectUri parameters did not match.

  • As I understand it, Spring Boot obtains the redirectUri from the HttpServletRequest through UrlUtils.buildFullRequestUrl(request):

OAuth2LoginAuthenticationFilter

String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
                .replaceQuery(null)
                .build()
                .toUriString();

  • The server uses nginx as a reverse proxy. As a result, Spring cannot get the correct scheme and host from the request, so the redirectUri does not match and authentication fails.

Solve the problem

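1: First, when Nginx proxies https to the http backend, forward the original host and scheme in request headers (this also supports cross-domain), and set protocol-header-https-value: "https" for the Spring Boot Tomcat so that these requests are treated as https

Nginx

    proxy_set_header HOST $host;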
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

Tomcat

  • 1. If it is the Tomcat embedded in Spring Boot, application.yml must be configured with the following parameters

server:
  tomcat:
    remote-ip-header: "X-Forwarded-For"
    protocol-header: "X-Forwarded-Proto"
    protocol-header-https-value: "https"

  • 2. If it is a standalone Tomcat, just configure the following parameters

<Engine >
    <Valve className="org.apache.catalina.valves.RemoteIpValve"  
    remoteIpHeader="X-Forwarded-For"  
    protocolHeader="X-Forwarded-Proto"  
    protocolHeaderHttpsValue="https"/> 
</Engine >
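
The mismatch and the fix above, modelled as an added example in Python (not code from Spring, Tomcat or the original post). The host app.example.com, the backend address 127.0.0.1:8080, the registration id "demo" and the trusted-proxy range are constructed assumptions; the point is that the forwarded scheme is honored only when the request arrives from the proxy itself.

```python
from ipaddress import ip_address, ip_network

# Assumption: Nginx runs on the same host as the backend, so only loopback peers are trusted.
TRUSTED_PROXIES = [ip_network("127.0.0.0/8")]

def effective_scheme(peer_ip, scheme, headers):
    """Return the scheme the client used, trusting X-Forwarded-Proto only from the proxy."""
    trusted = any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES)
    proto = headers.get("X-Forwarded-Proto", "").strip().lower()
    return proto if trusted and proto in ("http", "https") else scheme

def build_redirect_uri(peer_ip, scheme, headers, path, honor_forwarded):
    """Rebuild scheme://host/path as the backend sees it (query string already dropped)."""
    if honor_forwarded:
        scheme = effective_scheme(peer_ip, scheme, headers)
    return f"{scheme}://{headers['Host']}{path}"

# Constructed sample values; "demo" is a hypothetical client registration id.
REGISTERED = "https://app.example.com/login/oauth2/code/demo"
PATH = "/login/oauth2/code/demo"
BARE = {"Host": "127.0.0.1:8080"}                                      # no proxy_set_header lines
FORWARDED = {"Host": "app.example.com", "X-Forwarded-Proto": "https"}  # with the Nginx headers

def scenarios():
    """Map each deployment state to the redirect URI the backend would compute."""
    return {
        "nginx headers missing": build_redirect_uri("127.0.0.1", "http", BARE, PATH, True),
        "headers sent, backend ignores them": build_redirect_uri("127.0.0.1", "http", FORWARDED, PATH, False),
        "headers sent and honored": build_redirect_uri("127.0.0.1", "http", FORWARDED, PATH, True),
        "header from untrusted peer": build_redirect_uri("203.0.113.7", "http", FORWARDED, PATH, True),
    }

if __name__ == "__main__":
    for name, uri in scenarios().items():
        print(f"{name:36} {uri}  match={uri == REGISTERED}")
```

Only the "headers sent and honored" case reproduces the registered redirect URI; the other three are the states in which the OAuth2 login fails.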

Is it solved now? Of course, there is still one last step to pay attention to.

Pay attention to the path prefix of the Nginx proxy: for example, mine is https://craywen.top/pms

Nginx matches the pms route (^~ /pms) and proxies it to http://127.0.0.1:8099

Note that the redirectUri in the code will then carry the pms prefix. There are two solutions:

1: Configure the URL rewrite in Nginx

rewrite ^/user/(.*)$ /$1 break;
proxy_pass http://user;

2: Add /pms to the OAuth2 whitelist

  • Refer to https://www.jianshu.com/p/cf0056c64fa4


Origin blog.csdn.net/qq_38893133/article/details/107856646