Wrong redirect after authentication when PUSH transport is WEBSOCKET #20575

Closed
mcollovati opened this issue Nov 28, 2024 · 2 comments · Fixed by #20666

@mcollovati
Collaborator

Description of the bug

When the Vaadin application is configured with VaadinWebSecurity, OAUTH2 and WEBSOCKET PUSH transport, the URL stored for redirection after successful login is incorrect; it points to the PUSH mapping instead of the requested page.
For example, when navigating to a protected route /, the browser is redirected to the login page, but the stored URL is http://localhost:8080/VAADIN/push instead of http://localhost:8080/. After entering correct credentials, the browser is redirected to /VAADIN/push, resulting in a 404 error page.

Expected behavior

After successful login, the original request page should be shown. In the example above, the browser should be redirected to http://localhost:8080/.

Minimal reproducible example

  • Set up a Keycloak instance
  • Configure Spring Security to integrate with Keycloak
  • Configure OAUTH2 in VaadinWebSecurity
      protected void configure(HttpSecurity http) throws Exception {
          http.authorizeHttpRequests(auth ->
                  auth
                          .requestMatchers(antMatchers("/error")).permitAll()
          );
          super.configure(http);
          setOAuth2LoginPage(http, "/oauth2/authorization/keycloak");
          OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
          logoutSuccessHandler.setRedirectStrategy(new UidlRedirectStrategy());
          http.logout(cfg -> cfg.logoutSuccessHandler(logoutSuccessHandler));
      }
  • Add @Push(transport = Transport.WEBSOCKET) to AppShellConfigurator implementor
  • Create a protected view, e.g. annotating it with @PermitAll
  • Start the application and access the protected view; after being redirected to the IDP login page, enter the user credentials.
  • Verify that the browser is redirected to /VAADIN/push instead of the protected view.

Versions

  • Vaadin / Flow version: 24.5 (most likely also older versions)
  • Java version: 21
  • OS version: Linux
@mcollovati
Collaborator Author

It can also be replicated without OAUTH2, by creating a public view with a link to a protected route.
Start from the public view, click on the link, enter credentials after being redirected to the login view, and check that the /VAADIN/push URL is requested.
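
A possible stop-gap for affected versions, as an added example that is not part of the issue or of the fix in #20666: a Spring Security success handler that discards a saved request whose target is the `/VAADIN/push` path reported above, so the user lands on a fallback page instead of a 404. The class name `PushAwareSuccessHandler`, the `fallbackUrl` parameter and the way the handler is wired into the login configuration are assumptions.

```java
import java.io.IOException;
import java.net.URI;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

/** Hypothetical handler: never redirect a freshly authenticated user to the PUSH endpoint. */
public class PushAwareSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Path taken from the issue report; assumes the default PUSH mapping.
    private static final String PUSH_PATH = "/VAADIN/push";

    private final RequestCache requestCache;

    public PushAwareSuccessHandler(RequestCache requestCache, String fallbackUrl) {
        this.requestCache = requestCache;
        setRequestCache(requestCache);     // the parent handler reads the same cache
        setDefaultTargetUrl(fallbackUrl);  // used when no saved request remains
    }

    /** True when the saved URL's path ends with the PUSH mapping (any context path). */
    static boolean pointsAtPush(String redirectUrl) {
        try {
            String path = URI.create(redirectUrl).getPath();
            return path != null
                    && (path.endsWith(PUSH_PATH) || path.endsWith(PUSH_PATH + "/"));
        } catch (IllegalArgumentException e) {
            return true; // unparseable target: drop it rather than redirect to it
        }
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws ServletException, IOException {
        SavedRequest saved = requestCache.getRequest(request, response);
        if (saved != null && pointsAtPush(saved.getRedirectUrl())) {
            // Forget the bogus target; the parent then uses the default target URL.
            requestCache.removeRequest(request, response);
        }
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
```

This loses the originally requested page, so it only avoids the 404; upgrading to a release that contains the fix restores the correct redirect.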

@mcollovati mcollovati changed the title Wrong redirect after OAUTH2 authentication when PUSH transport is WEBSOCKET Wrong redirect after authentication when PUSH transport is WEBSOCKET Nov 29, 2024
@mshabarov mshabarov moved this to 🔖 Normal Priority (P2) in Vaadin Flow bugs & maintenance (Vaadin 10+) Dec 3, 2024
@mshabarov mshabarov moved this to 🪵Product backlog in Vaadin Flow ongoing work (Vaadin 10+) Dec 4, 2024
@mshabarov mshabarov moved this from 🪵Product backlog to ⚒️ In progress in Vaadin Flow ongoing work (Vaadin 10+) Dec 4, 2024
@mcollovati mcollovati self-assigned this Dec 4, 2024
mcollovati added a commit that referenced this issue Dec 10, 2024
When PUSH is enabled with websocket transport, the redirect URL to be used
after a successful login is not correctly computed because it is based
on the PUSH servlet mapping.
This change detects the situation and computes the correct URL.

Fixes #20575
@mcollovati mcollovati moved this from ⚒️ In progress to 🔎Iteration reviews in Vaadin Flow ongoing work (Vaadin 10+) Dec 10, 2024
@github-project-automation github-project-automation bot moved this from 🔖 Normal Priority (P2) to ✅ Closed in Vaadin Flow bugs & maintenance (Vaadin 10+) Dec 11, 2024
@github-project-automation github-project-automation bot moved this from 🔎Iteration reviews to Done in Vaadin Flow ongoing work (Vaadin 10+) Dec 11, 2024
vaadin-bot pushed a commit that referenced this issue Dec 11, 2024
When PUSH is enabled with websocket transport, the redirect URL to be used
after a successful login is not correctly computed because it is based
on the PUSH servlet mapping.
This change detects the situation and computes the correct URL.

Fixes #20575
vaadin-bot added a commit that referenced this issue Dec 11, 2024
… 24.4) (#20678)

* fix: fix redirect URL for PUSH with websocket transport (#20666)

When PUSH is enabled with websocket transport, the redirect URL to be used
after a successful login is not correctly computed because it is based
on the PUSH servlet mapping.
This change detects the situation and computes the correct URL.

Fixes #20575

* fix version

---------

Co-authored-by: Marco Collovati <[email protected]>
vaadin-bot added a commit that referenced this issue Dec 11, 2024
… 24.6) (#20676)

* fix: fix redirect URL for PUSH with websocket transport (#20666)

When PUSH is enabled with websocket transport, the redirect URL to be used
after a successful login is not correctly computed because it is based
on the PUSH servlet mapping.
This change detects the situation and computes the correct URL.

Fixes #20575

* fix version

---------

Co-authored-by: Marco Collovati <[email protected]>
vaadin-bot added a commit that referenced this issue Dec 11, 2024
… 24.5) (#20677)

* fix: fix redirect URL for PUSH with websocket transport (#20666)

When PUSH is enabled with websocket transport, the redirect URL to be used
after a successful login is not correctly computed because it is based
on the PUSH servlet mapping.
This change detects the situation and computes the correct URL.

Fixes #20575

* fix version

---------

Co-authored-by: Marco Collovati <[email protected]>
@vaadin-bot
Collaborator

This ticket/PR has been released with Vaadin 24.6.0.rc1 and is also targeting the upcoming stable 24.6.0 version.
