codecentric / spring-boot-admin

Admin UI for administration of spring boot applications
Apache License 2.0

Custom endpoints redirect to login #2062

Closed pgouri017 closed 2 years ago

pgouri017 commented 2 years ago

springbootadmin 2.5.5

I have added some custom endpoints to the SBA app. All of those endpoints are secured and work fine when accessed inside the UI, but return a 302 redirect to login when accessed through curl or any REST client using a valid access token.

```
curl -X GET -H 'Content-Type: application/json' -H 'Authorization: bearer F0TNPCNENn2zSFDo3JzNMOGxT44' -i http://localhost:8001/my-sba/users

HTTP/1.1 302 Found
Date: Mon, 27 Jun 2022 18:09:34 GMT
Set-Cookie: XSRF-TOKEN=0b8b2302-9f39-4e18-a49f-c1ee7a6158db; Path=/my-sba
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: SESSION-my-sba-=ZjExYWRhY2UtOTBjZS00N2FlLrt4YzItNGM2iuytYzE3ODQw; Path=/my-sba/; HttpOnly; SameSite=Lax
Location: http://localhost:8001/my-sba/login
Content-Length: 0
```

SteKoe commented 2 years ago

Hi @pgouri017,

please try setting the value of header X-Requested-With to XMLHttpRequest and try again.

pgouri017 commented 2 years ago

@SteKoe, issue is not resolved by adding the header X-Requested-With

```
GET http://localhost:8001/my-sba/users

Error: Exceeded maxRedirects. Probably stuck in a redirect loop http://localhost:8001/my-sba/login

Request Headers
Authorization: bearer y2duUmmRtsEEMxMPIUZyqDVARJU
Content-Type: application/json
X-Requested-With: XMLHttpRequest
User-Agent: PostmanRuntime/7.29.0
Accept: */*
Postman-Token: 9a47e8fc-e519-49ce-bbe2-72d7c53c76ea
Host: localhost:8001
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
```

```
PUT http://localhost:8001/my-sba/users

Error: Exceeded maxRedirects. Probably stuck in a redirect loop http://localhost:8001/my-sba/login

Request Headers
Authorization: bearer y2duUmmRtsEEMxMPIUZyqDVARJU
Content-Type: application/json
X-Requested-With: XMLHttpRequest
User-Agent: PostmanRuntime/7.29.0
Accept: */*
Postman-Token: 897bea77-bfd4-41df-b52c-1804da77b947
Host: localhost:8001
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
```

ulischulte commented 2 years ago

@pgouri017,

although this doesn't seem to be connected to SBA at all - have you tried comparing the request with the request within your browser's developer network tab?

Regards, Uli
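
The comparison suggested in the last comment, sketched as an added example that is not part of the original thread or of Spring Boot Admin: it reduces two captured requests to the credentials each one carries, so a session-cookie login and a bearer-token call can be told apart without printing the secrets. The curl sample mirrors the request in this issue with the token replaced by a placeholder; the browser sample and all function names are assumptions made for illustration.

```python
# Constructed samples: CURL_REQUEST mirrors the curl call in this thread with a
# placeholder token; BROWSER_REQUEST is a hypothetical capture of what a
# logged-in UI session might send, not data taken from the issue.
CURL_REQUEST = """\
GET /my-sba/users HTTP/1.1
Host: localhost:8001
Content-Type: application/json
Authorization: bearer <access-token>
"""
BROWSER_REQUEST = """\
GET /my-sba/users HTTP/1.1
Host: localhost:8001
Accept: application/json
Cookie: XSRF-TOKEN=<csrf>; SESSION-my-sba-=<session-id>
X-Requested-With: XMLHttpRequest
"""


def parse_headers(raw):
    """Return {lower-case header name: value}, skipping the request line."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def credential_carriers(raw):
    """Name what could authenticate the request, without the secret values."""
    headers = parse_headers(raw)
    carriers = []
    if "authorization" in headers:
        carriers.append("authorization:" + headers["authorization"].split(" ", 1)[0].lower())
    for pair in headers.get("cookie", "").split(";"):
        name = pair.split("=", 1)[0].strip()
        if name:
            carriers.append("cookie:" + name)
    return sorted(carriers)


def compare(a, b):
    """Carriers only in a, carriers only in b, header names present in just one."""
    ca, cb = set(credential_carriers(a)), set(credential_carriers(b))
    ha, hb = set(parse_headers(a)), set(parse_headers(b))
    return sorted(ca - cb), sorted(cb - ca), sorted(ha ^ hb)


if __name__ == "__main__":
    print(compare(CURL_REQUEST, BROWSER_REQUEST))
```

Replace the two constants with real captures (the curl `-v` output and the request copied from the browser's network tab) after redacting token and cookie values.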