[BUG] aad-resource-server redirects to LoginPage
einue opened this issue · 5 comments
I checked out your repo and tested it. When I try to connect with Postman to the webapi, my call always redirects to the login page. Is there some configuration missing?
my pom file:
```xml
<project>
  <modelVersion>4.0.0</modelVersion>
  <!-- https://github.com/Azure-Samples/azure-spring-boot-samples/blob/spring-cloud-azure_4.4.0/aad/spring-cloud-azure-starter-active-directory/web-client-access-resource-server/aad-resource-server/pom.xml -->
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.7.3</version>
  </parent>
  <artifactId>app-resource-server</artifactId>
  <version>1.0.0</version>
  <packaging>war</packaging>
  <name>Resourcen</name>
  <dependencies>
    <dependency>
      <groupId>com.azure.spring</groupId>
      <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
      <version>4.4.0</version>
    </dependency>
    <!-- spring boot starter dependencies. -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
  </dependencies>
</project>
```
@chenrujun could you help handle this issue?
Hi, @einue
Thanks for reaching out.
I used the pom you provided in this branch: chenrujun/azure-spring-boot-samples.
But I cannot reproduce the problem you described in the issue.
The HTTP request returns 401 instead of the login page. Here is the screenshot:
Could you please try chenrujun/azure-spring-boot-samples on your machine?
If the problem still exists, please provide a minimal project to reproduce the problem.
@chenrujun I also get a 401 for the webapiB when sending the correct bearer token.
I get the token via Postman, the response is like:
```json
{
  "token_type": "Bearer",
  "scope": "api://tenantID/WebApi.ConstructionsiteScope",
  "expires_in": 5120,
  "ext_expires_in": 5120,
  "access_token": "******"
}
```
And my controller looks like:
```java
@GetMapping("/webapiB")
@ResponseBody
@PreAuthorize("hasAuthority('SCOPE_WebApi.ConstructionsiteScope')")
public String file() {
    return "Response from webApiB.";
}
```
And my Postman Call:
```sh
curl \
  --location \
  --request GET 'localhost:8082/webapiB' \
  --header 'Authorization: Bearer **** '
```
My application.yml
```yaml
server:
  port: 8082
spring:
  cloud:
    azure:
      active-directory:
        enabled: true
        credential:
          client-id: 5832d83***
          client-secret: **+
        profile:
          tenant-id: ***
        app-id-uri: api://tenant-id/WebApi.ConstructionsiteScope
```
> I get the token via Postman, the response is like:
> "scope": "api://tenantID/WebApi.ConstructionsiteScope",

It should be clientID of WebApi instead of tenantID.

> My application.yml
> app-id-uri: api://tenant-id/WebApi.ConstructionsiteScope

- Same here, it should be clientID of WebApi instead of tenantID.
- Delete `/WebApi.ConstructionsiteScope` in app-id-uri.
@chenrujun : thank you, it works now :)
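
Added example, not part of the thread or the sample repository: a Python check that decodes an access token's payload and compares its `aud` and `scp` claims with the `client-id`, `app-id-uri` and `SCOPE_` authority discussed above. It assumes the resource server accepts either `client-id` or `app-id-uri` as the audience and maps each `scp` entry to a `SCOPE_` authority; the function names, client ID and token are constructed for the example.

```python
import base64
import json

def decode_claims(token):
    """Decode a JWT payload WITHOUT verifying its signature (diagnosis only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))

def diagnose(token, client_id, app_id_uri, authority):
    """Return the reasons this token/config pair would be rejected."""
    claims = decode_claims(token)
    scope = authority[len("SCOPE_"):] if authority.startswith("SCOPE_") else authority
    problems = []
    # From the thread: app-id-uri is api://<clientID>, without the scope suffix.
    if app_id_uri.endswith("/" + scope):
        problems.append("app-id-uri must not end with the scope name")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    # Assumption: either configured value is an acceptable audience.
    if not {client_id, app_id_uri} & set(audiences):
        problems.append("aud %r matches neither client-id nor app-id-uri" % (aud,))
    # Assumption: each space-separated 'scp' entry becomes SCOPE_<entry>.
    if scope not in claims.get("scp", "").split():
        problems.append("scp claim lacks %r" % scope)
    return problems

def make_token(claims):
    """Build an unsigned, constructed sample token for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed sample values, not taken from the thread.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
AUTHORITY = "SCOPE_WebApi.ConstructionsiteScope"
TOKEN = make_token({"aud": "api://" + CLIENT_ID, "scp": "WebApi.ConstructionsiteScope"})

if __name__ == "__main__":
    # First URI is the misconfigured value from the thread, second the corrected form.
    for uri in ("api://tenant-id/WebApi.ConstructionsiteScope", "api://" + CLIENT_ID):
        print(uri, "->", diagnose(TOKEN, CLIENT_ID, uri, AUTHORITY) or "ok")
```

Signature, issuer and expiry are not checked here; those remain the resource server's job.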