In the Spring definition of the remote resource that is protected through OAuth2, which the client application wants to access, I set use-current-uri to true, in other words, the current URI should be used as a redirect (if available). It looks like this:
<oauth:resource id="myResourceId"
                type="authorization_code"
                client-id="${clientId}"
                client-secret="${clientSecret}"
                access-token-uri="${accessTokenUri}"
                user-authorization-uri="${userAuthorizationUri}"
                use-current-uri="true"
                scope="myScope"
                pre-established-redirect-uri="${preEstablishedRedirectUri}"/>
Now the problem is that the Spring Security OAuth2 client will pick up the current Tomcat internal URL instead of the URL of the public web application. The scenario is a Tomcat server located behind the Apache server, resulting in two sets of URLs:
Since the redirect URL is used by the authorization server (for example, Twitter, ORCID) to send the authorization code, the URL of the public web application should be used, not the internal one.
By the way, I am using the following spring-security-oauth2 versions:
- spring-security-oauth2-1.0.5.RELEASE
- spring-core-3.1.2.RELEASE
- spring-security-core-3.1.3.RELEASE
I wonder if there is a way to tell Spring to use a public URL. Thanks.
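An added example, not part of the original post and not taken from the Spring or Tomcat projects: one way to make the servlet request report the public URL is to declare the proxy's public name on the Tomcat connector that Apache forwards to. It assumes that the OAuth2 client derives the current URI from the servlet request, that Apache forwards to an HTTP connector on port 8080 on the same host, and that the public site is the placeholder `https://www.example.org` on port 443; `address`, `proxyName`, `proxyPort`, `scheme` and `secure` are standard Tomcat connector attributes.

```xml
<!-- conf/server.xml (Tomcat). Constructed example: host name and ports are placeholders. -->

<!-- Before: no proxy settings on the connector.
     request.getScheme(), getServerName() and getServerPort() describe the
     Apache-to-Tomcat hop (http, internal host, 8080), so a redirect URI built
     from the current request is the internal URL. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000" />

<!-- After: the connector states the public identity of the site.
     proxyName / proxyPort : returned by getServerName() / getServerPort()
     scheme                : returned by getScheme()
     secure                : returned by isSecure(); TLS terminates at Apache
     address               : accept connections from the local Apache only
                             (assumption: proxy and Tomcat share a host), because
                             this connector now asserts "https" for whatever reaches it -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           address="127.0.0.1"
           proxyName="www.example.org"
           proxyPort="443"
           scheme="https"
           secure="true" />
```

Because the public name is fixed in configuration, the redirect URI no longer depends on a client-supplied Host or X-Forwarded-Host header; the resulting URL still has to match the redirect URI registered with the authorization server.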