Question

Unable to redirect to external URL from Java

0

Hi, I have an app with that uses the Open Authentication module (https://github.com/Erwin-t-Hoen/Open-Authentication-Module) to implement Facebook login functionality. While the app was running in a sandbox, this functionality worked without any issues (even on the same SVN revision). The app was recently moved to a Azure Windows Server 2016 virtual machine. The server was configured according to documentation (https://docs.mendix.com/howto/on-premises-deployment/deploy-mendix-on-microsoft-windows) and additional request handlers required by the module are configured as well (signin/, callback/, logout/). Unfortunately, the redirect to Facebook is not working. Somehow, a redirect to Facebook will end up redirecting to the application root URL. This is the code in question, from oauthmodule\actions\custom\GetAccessCodeFacebook: public class GetAccessCodeFacebook { private final String OAUTHURI = Constants.getOAuthURI_Facebook(); private final String CLIENTID = Constants.getClientId_Facebook(); private final String CALLBACKURI = Constants.getCallbackURI_Facebook(); protected void getCode(String UUIDstate, HttpServletResponse servletResponse) throws IOException{ Core.getLogger("OAuthSignin").trace("Get token from Facebook"); StringBuilder oauthUrl = new StringBuilder() .append(OAUTHURI) .append("?client_id=").append(CLIENTID) // the client id from the api console registration .append("&redirect_uri=").append(CALLBACKURI) // the servlet that linkedin redirects to after authorization .append("&scope=email") // scope is the api permissions we are requesting .append("&state="+UUIDstate); Core.getLogger("OAuthSignin").trace("Url used for facebook: \n"+oauthUrl.toString()); servletResponse.sendRedirect(oauthUrl.toString()); } } The log in the second last line of code will output the following in the server console: Url used for facebook: https://www.facebook.com/v2.8/dialog/oauth?client_id=414691225590004&redirect_uri=http://myapp.cloudapp.net/callback/facebook&scope=email&state=dc413975-18d5-4c93-bf09-71e2ef134bbc however, when servletResponse.sendRedirect is executed, the user will be redirected to the following URL: http://myapp.cloudapp.net/v2.8/dialog/oauth?client_id=414691225590004&redirect_uri=http://myapp.cloudapp.net/callback/facebook&scope=email&state=dc413975-18d5-4c93-bf09-71e2ef134bbc I tried changing the code to: servletResponse.sendRedirect("https://www.facebook.com"); but this will again redirect me to: http://myapp.cloudapp.net I looks like I am overlooking something simple here, I just don't see it. If I go back to the sandbox app, the redirect will still work as expected but it will somehow not work on my Windows Server. What are my missing? Help would be greatly appreciated. Thanks! * The actual Mendix version of this app is 7.5 but I couldn't find it in the model version dropdown

asked 2017-07-28

Tim Hendricks

2 answers

Tim Hendricks · Answer 1 · 2017-07-31

After Jeffreys comment, I changed my code to use setHeader to set a location but it did not change the behavior. So I looked into the actual http requests and headers using Google Chrome dev tools. I saw that the actual header location for the request was never changed no matter what code I used. It became clear to me that I was somehow not able to change header locations at all.

After realizing this, all it took was a quick Google search for: iis cannot change header location

This pointed me to this post: https://stackoverflow.com/questions/23508938/url-rewrite-keeps-original-host-location-when-reverse-proxy-301-redirects

Somehow the proxy in the IIS ARR was set to "Reverse rewrite host in response headers"! Unchecking this option solved the issue.

I am not sure if this is checked by default in ARR or if I mistakenly clicked it when setting up the server. I will make sure to check for that when I am setting up the production server. In case this is checked by default, I will request a change on the installation documentation.

Jeffrey Draaijer · Answer 2 · 2017-07-31

Hi Tim, I'm not an expert on this material but I found the following articles on StackOverflow: SetHeader and RedirectView, and perhaps you can give it a try?