REST API oauth returning 301 when behind nginx reverse proxy

eraskin · June 18, 2021, 7:36pm

Hello:

I am running the latest version of Cuba Platform (7.2.13) with REST API addon (7.2.3). I am deploying an uberJar behind an nginx reverse proxy. The basic web site works fine (and has for a long time).

I confirm that web.xml contains com.haulmont.addon.restapi:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <!-- Application properties config files -->
    <context-param>
        <param-name>appPropertiesConfig</param-name>
        <param-value>classpath:com/paslists/rade/app.properties
            /WEB-INF/local.app.properties
            "file:${catalina.home}/conf/rade-core/local.app.properties"</param-value>
    </context-param>
    <!--Application components-->
    <context-param>
        <param-name>appComponents</param-name>
        <param-value>com.haulmont.cuba com.haulmont.reports com.haulmont.charts de.diedavids.cuba.scheduledreports
            com.haulmont.addon.emailtemplates com.haulmont.addon.restapi</param-value>
    </context-param>
    <listener>
        <listener-class>com.haulmont.cuba.core.sys.AppContextLoader</listener-class>
    </listener>
    <servlet>
        <servlet-name>remoting</servlet-name>
        <servlet-class>com.haulmont.cuba.core.sys.remoting.RemotingServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>remoting</servlet-name>
        <url-pattern>/remoting/*</url-pattern>
    </servlet-mapping>
</web-app>

Yet, when I try to execute an oauth request, I get a 301 - Moved Permanently error. If I run this same app directly from Studio locally, I can execute the oauth request just fine.

My nginx reverse proxy is very simple:

location /rade-rmbio {
  proxy_pass http://localhost:8160/rade-rmbio;
}

My uberjar execution command is:

/usr/bin/java -Dapp.home=/opt/app_home/rade-rmbio -DRadeCustomer=rade-rmbio -Dapp.user=***** -Dapp.pwd=****** -agentlib:jdwp=transport=dt_socket,address=8161,server=y,suspend=n -jar /opt/app_home/rade.jar -port 8160 -contextName rade-rmbio

I confirm that app.user and app.pwd are set correctly, of course. The web app works fine. It’s just the REST API that isn’t working.

Here’s the curl command I execute:

curl -s -X POST -H "Content-type: application/x-www-form-urlencoded" -H "Authorization: Basic $auth" -d "grant_type=password&username=****&password=****" http://www.paslists.com/rade-rmbio/rest/v2/oauth/token

$auth is made by executing this:

export auth=$( echo -n "user:pwd " | base64 -w 0 )

web-app.properties contains:

cuba.rest.client.id=user
cuba.rest.client.secret={noop}pwd

(Of course, “user” and “pwd” are not the real ones )

Here’s the result:

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.10.3</center>
</body>
</html>

Any suggestions on where to look to make this work? Is there any other information I need to provide to help debug this?

albudarov · June 21, 2021, 7:17am

Hi,
Where does the site try redirect you to?
301 code isn’t just the 301. It tells where you should go.

Execute curl with -v option to see redirect destination.

eraskin · June 21, 2021, 1:16pm

AHA! I was not aware of the “-v” to see where the redirection went. We redirect from http to https. My script pointed to http by mistake. The oauth call now works.

Thanks for your help.