I have a web-app running with SSL only (no http allowed) on port 8080:
server:
ssl:
key-store-type: PKCS12
key-store: file:${SERVER_KEYSTORE_PATH}
key-store-password: ${SERVER_CERT_PASSWORD}
port: 8080
When I launch the app, I see in the logs:
2020-03-17 17:32:29.836 INFO 90960 --- [main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (https)
One of my endpoints (the root one, actually) is protected by Spring Security, OAuth2:
@Override
protected void configure(HttpSecurity http) throws Exception {
String baseURI = redirectURI.substring(redirectURI.lastIndexOf("/"));
http.csrf().disable()
.authorizeRequests()
.antMatchers("/").authenticated()
.antMatchers("/**").permitAll()
.and()
.oauth2Login()
.defaultSuccessUrl("/")
.redirectionEndpoint().baseUri(baseURI);
}
The problem is that when I go to https://localhost:8080 - it redirects me to https://localhost:8443/oauth2/authorization/oauth So, for some reason the port 8080 is overriden with 8443.
As far as I understood from similar questions, this is happening because Tomcat is trying to redirect the user to the SSL-enabled endpoint (https) from the plain endpoint (http). But my endpoint is already SSL-enabled, so I don't really understand why is it happening. If I go to any other endpoint, it works with https and 8080 port - so only protected endpoint is problematic.
I tried to customize TomcatServletWebServerFactory with ConnectorCustomizers and set there redirect port to 8080, but it didn't help.
Any ideas on how to disable this useless redirect?
