OAuth2, Angular and Spring WebFlux

I’m trying to get around these topics and I found really great tutorials on your forums.

The one tutorial that is exactly how I want to implement my authentication scheme is:
Use React and Spring Boot to Build a Simple CRUD App

The only distinction is that I use Spring WebFlux and Angular. I get stuck because my RequestCache bean is overwritten by Spring Security WebFlux. Thus I’m redirected to the default (/) on :8080 instead of :4200.

Can you offer some guidance?

Thanks and best regards,

You can try modifying your Angular app so it redirects to http://localhost:8080/login/oauth2/code/okta instead of just /login or /private. That way, Spring Security will redirect back to the referrer automatically (which will be http://localhost:4200 in your case).

It seems that I have gotten a bit further 🙂 Now I receive an error: OAuth2AuthorizationException: [authorization_request_not_found]

Although, previously I was getting to the authorization server and now, I’m not.

Thanks for your help!

Make sure you’re using the issuer for your default authorization server (it should end in /oauth2/default and not have -admin in the URL).

When I set it to the URL http://localhost:8080/login/oauth2/code/okta, I receive an error because the “?code=” part is missing.

When I use another link that is protected and I log in, I am referred back to, say, http://localhost:8080/private instead of http://localhost:4200/home. I do the redirection in an Authenticated Guard in Angular with location.href.

I’m a bit at a loss here. I could use some host trick to make it work, but your solution seemed perfect for development 🙂

Thanks!!!

Hmmmm, I’m not sure what the problem could be. Are you able to push your app to GitHub so I can take a look at your code?

The problem really lies in the RequestCache. I did what you did… well, in a similar way.

    ServerRequestCache serverRequestCache() {
        return new WebSessionServerRequestCache() {
            private final String DEFAULT_SAVED_REQUEST_ATTR = "SPRING_SECURITY_SAVED_REQUEST";
            private final ServerWebExchangeMatcher serverWebExchangeMatcher = createDefaultRequestMatcher();

            @Override
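            public Mono<Void> saveRequest(ServerWebExchange exchange) {
                // Save the Referer header (the page that sent the user here) as the
                // post-login redirect target instead of the requested path.
                Optional<String> referrer = Optional.ofNullable(
                    exchange.getRequest().getHeaders().getFirst("referer"));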

                return this.serverWebExchangeMatcher.matches(exchange)
                    .filter(m -> m.isMatch())
                    .flatMap(m -> exchange.getSession())
                    .map(WebSession::getAttributes)
                    .doOnNext(attrs -> attrs.put(DEFAULT_SAVED_REQUEST_ATTR, referrer.orElse("")))
                    .then();
            }

            private ServerWebExchangeMatcher createDefaultRequestMatcher() {
                ServerWebExchangeMatcher get = ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/**");
                ServerWebExchangeMatcher notFavicon = new NegatedServerWebExchangeMatcher(ServerWebExchangeMatchers.pathMatchers("/favicon.*"));
                MediaTypeServerWebExchangeMatcher html = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
                html.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
                return new AndServerWebExchangeMatcher(get, notFavicon, html);
            }
        };
    }

But my ServerRequestCache is never called…

Here’s how it’s registered:

    @Bean
    SecurityWebFilterChain configure(ServerHttpSecurity http) {
        http.oauth2Login()
            .and().csrf()
            .csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
            .and().requestCache().requestCache(serverRequestCache())
            .and().authorizeExchange()
            .pathMatchers("/api/me").permitAll()
            .anyExchange().authenticated();
        return http.build();
    }

Ok forget it! I just rewrote everything to what I’ve shared with you and it does work 🙂


@christiangoudreau, although I think this should work, I don’t think this would work since adding this RequestCache currently only affects the OAuth2AuthorizationRequestRedirectWebFilter and not the RedirectServerAuthenticationEntryPoint. See https://github.com/spring-projects/spring-security/blob/5.2.1.RELEASE/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java#L1184
I’ve created an issue for this on spring-security: https://github.com/spring-projects/spring-security/issues/7721
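
The saveRequest override posted earlier in the thread stores the Referer header as the post-login redirect target, and that header is supplied by the client. As an added example (not code from the thread or from Spring Security), here is one way to check the value against an allowlist before saving it; ReferrerAllowlist, safeRedirectTarget and the single allowed origin http://localhost:4200 are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

// Added example: ReferrerAllowlist and safeRedirectTarget are hypothetical names.
public class ReferrerAllowlist {
    // Assumption: the Angular dev server is the only permitted post-login origin.
    private static final Set<String> ALLOWED_ORIGINS = Set.of("http://localhost:4200");

    /** Returns the referrer only if its origin is allow-listed; empty otherwise. */
    static Optional<String> safeRedirectTarget(String referer) {
        if (referer == null || referer.isBlank()) {
            return Optional.empty();
        }
        URI uri;
        try {
            uri = new URI(referer.trim());
        } catch (URISyntaxException e) {
            return Optional.empty(); // malformed header: use the default target
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null || uri.getRawUserInfo() != null) {
            return Optional.empty(); // relative, opaque or credential-bearing URL
        }
        scheme = scheme.toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            return Optional.empty();
        }
        // Compare the exact origin (scheme, host, port), never a string prefix.
        String origin = scheme + "://" + host.toLowerCase(Locale.ROOT)
                + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
        return ALLOWED_ORIGINS.contains(origin) ? Optional.of(uri.toString()) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample Referer values, not taken from the thread.
        String[] samples = {
            "http://localhost:4200/home", "http://localhost:4200.example.invalid/home",
            "http://localhost:4200@example.invalid/", "not a url", null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeRedirectTarget(s).orElse("(default redirect)"));
        }
    }
}
```

In a saveRequest override like the one above, the session attribute would be written only when safeRedirectTarget returns a value, so any other referrer falls back to the default redirect.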