I am doing the OAuth2 login for Google I used the spring security Oauth2 for that.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
...
.oauth2Login(login -> login
.authorizationEndpoint()
.baseUri("/oauth2/authorize")
.authorizationRequestRepository(httpCookieOAuth2AuthorizationRequestRepository)
.and()
.redirectionEndpoint()
.baseUri("/oauth2/callback/*")
.and()
.userInfoEndpoint()
.userService(customOAuth2UserServiceOAuthUserService)
.oidcUserService(customOidcUserService)
.and()
.successHandler(oAuth2AuthenticationSuccessHandler)
.failureHandler(oAuth2AuthenticationFailureHandler));
the httpCookieOAuth2AuthorizationRequestRepository
@Component
public class HttpCookieOAuth2AuthorizationRequestRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
public static final String OAUTH2_AUTHORIZATION_REQUEST_COOKIE_NAME = "oauth2_auth_request";
public static final String REDIRECT_URI_PARAM_COOKIE_NAME = "redirect_uri";
private static final int cookieExpireSeconds = 180;
@Override
public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
return CookieUtils.getCookie(request, OAUTH2_AUTHORIZATION_REQUEST_COOKIE_NAME)
.map(cookie -> CookieUtils.deserialize(cookie, OAuth2AuthorizationRequest.class))
.orElse(null);
}
@Override
public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request, HttpServletResponse response) {
if (authorizationRequest == null) {
CookieUtils.deleteCookie(request, response, OAUTH2_AUTHORIZATION_REQUEST_COOKIE_NAME);
CookieUtils.deleteCookie(request, response, REDIRECT_URI_PARAM_COOKIE_NAME);
return;
}
String cookieSerialize = CookieUtils.serialize(authorizationRequest);
CookieUtils.addCookie(response, OAUTH2_AUTHORIZATION_REQUEST_COOKIE_NAME, cookieSerialize , cookieExpireSeconds);
String redirectUriAfterLogin = request.getParameter(REDIRECT_URI_PARAM_COOKIE_NAME);
if (StringUtils.isNotBlank(redirectUriAfterLogin)) {
CookieUtils.addCookie(response, REDIRECT_URI_PARAM_COOKIE_NAME, redirectUriAfterLogin, cookieExpireSeconds);
}
}
@Override
public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
return this.loadAuthorizationRequest(request);
}
public void removeAuthorizationRequestCookies(HttpServletRequest request, HttpServletResponse response) {
CookieUtils.deleteCookie(request, response, OAUTH2_AUTHORIZATION_REQUEST_COOKIE_NAME);
CookieUtils.deleteCookie(request, response, REDIRECT_URI_PARAM_COOKIE_NAME);
}
}
@Service
@Slf4j
public class CustomOAuth2UserService extends DefaultOAuth2UserService {
private final Oauth2UserProcessor oauth2UserProcessor;
@Autowired
public CustomOAuth2UserService(Oauth2UserProcessor oauth2UserProcessor) {
this.oauth2UserProcessor = oauth2UserProcessor;
}
@Override
public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
OAuth2User oAuth2User = super.loadUser(oAuth2UserRequest);
try {
return oauth2UserProcessor.processOAuth2User(oAuth2UserRequest, oAuth2User);
} catch (AuthenticationException ex) {
throw ex;
} catch (Exception ex) {
// Throwing an instance of AuthenticationException will trigger the OAuth2AuthenticationFailureHandler
throw new InternalAuthenticationServiceException(ex.getMessage(), ex.getCause());
}
}
}
CustomOidcUserService
@Service
@Slf4j
public class CustomOidcUserService extends OidcUserService {
private final Oauth2UserProcessor oauth2UserProcessor;
@Autowired
public CustomOidcUserService(Oauth2UserProcessor oauth2UserProcessor) {
this.oauth2UserProcessor = oauth2UserProcessor;
}
@Override
public OidcUser loadUser(OidcUserRequest oidcUserRequest) throws OAuth2AuthenticationException {
OidcUser oidcUser = super.loadUser(oidcUserRequest);
try {
return oauth2UserProcessor.processOidcUser(oidcUserRequest, oidcUser);
} catch (AuthenticationException ex) {
throw ex;
} catch (Exception ex) {
ex.printStackTrace();
// Throwing an instance of AuthenticationException will trigger the OAuth2AuthenticationFailureHandler
throw new InternalAuthenticationServiceException(ex.getMessage(), ex.getCause());
}
}
}
OAuth2AuthenticationSuccessHandler
@Component
public class OAuth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication authentication) throws IOException {
String targetUrl;
try {
targetUrl = buildTargetUrl(request, authentication);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
clearAuthenticationAttributes(request, response);
getRedirectStrategy().sendRedirect(request, response, targetUrl);
} catch (KafkaExecutionException e) {
throw new IOException(e.getMessage());
}
}
protected String buildTargetUrl(HttpServletRequest request,
Authentication authentication) throws KafkaExecutionException {
try {
Optional<String> redirectUri
= CookieUtils.getCookie(request, REDIRECT_URI_PARAM_COOKIE_NAME).map(Cookie::getValue);
if (redirectUri.isPresent() && !isAuthorizedRedirectUri(redirectUri.get())) {
throw new BadRequestException("Sorry! We've got an Unauthorized Redirect URI and can't proceed with the " +
"authentication: " + redirectUri.get());
}
String targetUrl = redirectUri.orElse(getDefaultTargetUrl());
String sessionId = request.getSession().getId();
String token = tokenProvider.createToken(authentication, sessionId);
String userId = ((UserPrincipal) authentication.getPrincipal()).getId();
UUID refreshToken = UUID.randomUUID();
Device device = devicesService.findBySessionId(sessionId);
User user = usersService.get(userId);
authenticationService.login(userId, sessionId, request.getCookies(), null, refreshToken);
String uri = UriComponentsBuilder.fromUriString(targetUrl)
.queryParam("access_token", token)
.queryParam("userId", userId)
.queryParam("sessionId", sessionId)
.queryParam("refresh_token", refreshToken)
.build().toUriString();
return uri;
} catch (Exception e) {
e.printStackTrace();
}
return "Error";
}
protected void clearAuthenticationAttributes(HttpServletRequest request, HttpServletResponse response) {
super.clearAuthenticationAttributes(request);
httpCookieOAuth2AuthorizationRequestRepository.removeAuthorizationRequestCookies(request, response);
}
private boolean isAuthorizedRedirectUri(String uri) {
URI clientRedirectUri = URI.create(uri);
return xmProperties.getOAuth2().getAuthorizedRedirectUris()
.stream()
.anyMatch(authorizedRedirectUri -> {
// Only validate host and port. Let the clients use different paths if they want to
URI authorizedURI = URI.create(authorizedRedirectUri);
if (authorizedURI.getHost().equalsIgnoreCase(clientRedirectUri.getHost())
&& authorizedURI.getPort() == clientRedirectUri.getPort()) {
return true;
}
return false;
});
}
properties
spring:
security:
oauth2:
client:
registration:
google:
clientId:
clientSecret:
redirectUri:
scope:
- profile
- email
so this run on my Localhost is fine, but when run on Server(is a cluster of 3 servers ) with Nginx. The application is run with tomcat host container. Basically, I go to google Login, login and call back to me, but only show loading and minutes later it show Nginx gateway timeout. and for the BE, the logs showed it only run pass the customOAuth2UserServiceOAuthUserService and stopped with no errors show whatsoever.
Edit:
Ok I have came to conclusion that my Application is stuck due to network issue and can be resolve by use Proxy. And because the way I integrated Proxy is incorrect. It's not works. So I need ways to run the application use my proxy by default when startup.