问题
As to not reveal confidential information, the provider will be replaced by $PROVIDER.
The authorization works, but instead of redirecting me to the index, it redirects me to /error.
Steps to reproduce
- Start the application
- Go on any page, it will redirect me to
http://localhost/oauth_loginwhich displays a linklogin. - Click on the link
login(which links tohttp://localhost/oauth2/authorization/$PROVIDER) - Get redirected to
http://localhost/error
The error page displays the following (I formatted it for readability):
{
"timestamp":"2018-04-05T14:18:47.720+0000",
"status":999,
"error":"None",
"message":"No message available"
}
This is obviously the same parameters shown on the default Whitelabel Error Page, so really, the only problem is that it's in JSON except of being an HTML page. If I refresh http://localhost/error after, it shows me the normal Whitelabel Error Page.
Now this is where it gets weird, if I try to navigate to http://localhost/ after having been redirected to the error page, I am authenticated (the user data is there, so the authorization was successful). Basically, the issue is that I am redirected to http://localhost/error instead of http://localhost/.
Because it is fully functional (aside from the redirection), I will not post the whole security configuration, but I will instead limit it to relevant code:
SecurityConfiguration
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf().disable()
.authorizeRequests().anyRequest()
.authenticated()
.and()
.oauth2Login()
.loginPage("/oauth_login")
.defaultSuccessUrl("/")
.failureUrl("/oauth_login")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/oauth_login").permitAll()
;
}
Relevant properties
spring.security.oauth2.client.registration.$PROVIDER.redirectUriTemplate=http://localhost/login/oauth2/code/$PROVIDER
Relevant information
- Once I am authenticated on the website, I can navigate, refresh the page, do whatever I wish (until I log out).
TL;DR Authorization works but redirected to /error instead of /.
回答1:
I actually found the answer to my own question, but I decided to post it anyways in case somebody runs into the same issue.
.defaultSuccessUrl("/")
should have been
.defaultSuccessUrl("/", true)
If you don't set it to true, it will automatically redirect the user to the last previous request, and in my case, the last request is made to the url /error, which explains my problem.
By setting it to true, you force the user to be redirected to whatever your defaultSuccessUrl is.
By looking at the logs, you can actually see it:
2018-04-05 11:04:09 DEBUG [-nio-80-exec-10] RequestAwareAuthenticationSuccessHandler : Redirecting to DefaultSavedRequest Url: http://localhost/error
2018-04-05 11:04:09 DEBUG [-nio-80-exec-10] o.s.security.web.DefaultRedirectStrategy : Redirecting to 'http://localhost/error'
来源:https://stackoverflow.com/questions/49675747/spring-security-oauth2-login-redirect-to-error-page-despite-being-successful