Search code examples
spring-bootspring-securityreverse-proxyoauth2client

Spring Boot with OAuth2 behind reverse proxy

I'm new with Spring Security and trying to develop Spring Boot app with Google login using OAuth2 which runs under hostname:8080. This app is behind Apache reverse proxy server https://url.com.

Spring Boot version 2.1.0

Spring Security version 5.1.1

build.gradle:

dependencies {
    implementation("org.springframework.boot:spring-boot-starter-web")
    implementation("org.springframework.boot:spring-boot-starter-security")
    implementation("org.springframework.security:spring-security-oauth2-client")
    implementation("org.springframework.security:spring-security-oauth2-jose")
}

application.yml:

oauth2:
  client:
    registration:
      google:
        clientId: <clientId>
        clientSecret: <clientSecret> 
        scope: profile, email, openid

server:
  use-forward-headers: true
  servlet:
    session:
      cookie:
        http-only: false

Spring Security config:

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .disable()
            .authorizeRequests()
                .anyRequest()
                    .authenticated()
            .and()
            .oauth2Login();
    }
  }
  1. I request https://url.com
  2. Get redirected to https://accounts.google.com/signin/oauth/
  3. When authenticated get redirected back to https://url.com/login/oauth2/code/google?state={state}&code={code}&scope=openid+email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplus.me&authuser=0&session_state={session_state}&prompt=none which timed out with error:

[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for "https://www.googleapis.com/oauth2/v4/token": Connection timed out (Connection timed out); nested exception is java.net.ConnectException: Connection timed out (Connection timed out)

Is this error caused by the proxy server settings or boot app? Thanks for help.

Solution

  • Solved. I had to set the JVM parameters: 

    https.proxyHost=[host]
https.proxyPort=[port] 

http.proxyHost=[host]
http.proxyPort=[port]