An issue with the Spring Boot and OAuth2 tutorial

https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_click

I've been working through this tutorial recently. It is basically a typical OAuth2 login flow:
1. The user clicks "Login Using Facebook" on the application's page and is redirected to Facebook (the OAuth2 Auth Server) for authentication.
2. The Auth Server shows its authorization page and the user grants access.
3. The Auth Server redirects the browser back to a URL on the application's own site, which triggers the exchange for the AccessToken.
4. Once the AccessToken has been obtained, the user is returned to the initial page.

Because I have my own technology stack, I did not use the official AngularJS front end; I simply used Fetch plus jQuery. That produced the following problem:
after a successful login at the OAuth2 Auth Server (I used my own server, not Facebook), the browser does not go back to the localhost/ page but ends up at localhost/user. The login itself succeeds, but the landing page is wrong.

I traced through the source code and noted a few things:
1. DEFAULT_LOGIN_PATH is defined in the OAuth2SsoProperties class as "/login". This is the URL used in step 3: it is responsible for exchanging tokens with the Auth Server, and it is the "redirect URI" of the OAuth2 flow, i.e. the URL the Auth Server sends the browser back to after successful authentication.

2. Once the business logic of /login is done, where should the user be redirected? Naturally, to the page they "last visited". How is that page determined? It is recorded by ExceptionTranslationFilter (look up what this filter does if you are not familiar with it): when an unauthenticated request hits a protected resource, the filter calls HttpSessionRequestCache.saveRequest() to store the request in the request cache before sending the user off to authenticate. In other words, if the page you visit is not a protected page, Spring will not save it in the request cache. Spring also offers other redirect strategies, such as always redirecting to a fixed page.

3. It follows from 2 that the page you return to after a successful login was already decided when you clicked the "login using XXX" button: it is the last protected page you accessed before clicking it. So why does the official example go back to "/home", while I only ever get back to "/user"? Looking at the flow, /user must be called in both cases, so /user should be the landing page in both, and my result is, in principle, the expected one...
Following the source of the official example further, I looked at why HttpSessionRequestCache.saveRequest() did not record the access to /user, and found the answer in the method's first line:
requestMatcher.matches(request)

That matcher delegates to the MediaTypeRequestMatcher class; I did not dig into the exact reason at the time. The key difference is that Angular adds an Accept header to the request, while my Fetch calls did not set one.

So I added Accept: application/json to the request, and the problem was solved: a request that asks for JSON is not stored in the request cache, so after login the user is sent to the default target page instead of /user.
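Relying on the client's Accept header makes the post-login landing page depend on which HTTP library the front end happens to use. As an added example (not code from this post or from the Spring guide), the configuration below makes the decision explicit on the server side: it rebuilds the saved-request matcher that Spring Security's RequestCacheConfigurer installs by default (GET only, not favicon, not an XMLHttpRequest, not a request whose Accept header asks for application/json, with `*/*` ignored so a plain fetch still counts as a page request) and additionally refuses to cache /user. The class name, the permitAll list (modelled on the guide's) and the assumption that /user is only ever an API endpoint are mine; the Spring Security classes and methods used are real.

```java
import java.util.Collections;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;

// Hypothetical class name; in the guide this logic lives in the
// @EnableOAuth2Sso application class that extends WebSecurityConfigurerAdapter.
@Configuration
public class SavedRequestConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Matches requests that explicitly accept application/json.
        MediaTypeRequestMatcher jsonRequest = new MediaTypeRequestMatcher(
                new HeaderContentNegotiationStrategy(), MediaType.APPLICATION_JSON);
        // "Accept: */*" (what fetch sends by default) must not count as "wants JSON",
        // otherwise every page navigation would be ignored as well.
        jsonRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));

        // A request is remembered as the post-login target only if ALL of these hold.
        RequestMatcher cacheable = new AndRequestMatcher(
                new AntPathRequestMatcher("/**", "GET"),
                new NegatedRequestMatcher(new AntPathRequestMatcher("/**/favicon.ico")),
                new NegatedRequestMatcher(jsonRequest),
                new NegatedRequestMatcher(
                        new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest")),
                // Assumption: /user is only called by scripts and is never a landing page,
                // so it is excluded regardless of what the client puts in Accept.
                new NegatedRequestMatcher(new AntPathRequestMatcher("/user")));

        HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
        requestCache.setRequestMatcher(cacheable);

        http
            .requestCache().requestCache(requestCache)
            .and()
            .authorizeRequests()
                // Assumed public paths, following the guide's pattern.
                .antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll()
                .anyRequest().authenticated();
    }
}
```

With this in place a Fetch call to /user that sends no Accept header at all is still not cached, so a successful login falls back to the default target URL ("/") instead of landing on the JSON endpoint. The other strategy mentioned in point 2, always redirecting to a fixed page, is the blunter alternative; the explicit matcher keeps the "return to where you were" behaviour for real page navigations.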

Pitfalls like this are really hard to guard against. Spring Boot makes everything look easy, but that convenience comes at a price when you hit one of them...
