Spring HATEOAS links issue for HTTP and HTTPS

I am using Spring HATEOAS in my web application. My application runs behind an Nginx webserver. I am sending the following URL with an HTTPS header:

GET https://national.usa.com/testapp-rest/api/user/654rtrtet-5grt-fgsdf-dfgs-765ytrtsdhshfgsh/newAuthentication

Status Code:200 OK

Response Headers
Access-Control-Allow-Headers:x-requested-with, Accept, Content-Type, Origin, Authorization, X-Auth-Token
Access-Control-Allow-Methods:POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin:*
Access-Control-Expose-Headers:X-Auth-Token
Access-Control-Max-Age:3600
Cache-Control:no-cache, no-store, must-revalidate
Connection:keep-alive
Content-Type:application/json
Pragma:No-cache
Server:XXX/1.6.0
Strict-Transport-Security:max-age=31536000
Transfer-Encoding:chunked

Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch

But when I see the response headers, I see the HATEOAS links are only returning HTTP. How can I fix this issue? Please guide.

links: [{rel: "self",…}]
0: {rel: "self",…}
href: "http://national.usa.com/testapp-rest/api/user/5435fdsg-45gfdgag-rewtdf43434-43543fsd"
rel

Edit: Yes, I am using the following code to create links:

resource.add(ControllerLinkBuilder.linkTo(ControllerLinkBuilder.methodOn(TestController.class).getStudentResponse(response.getStudentId())).withSelfRel());
Neighbor answered 26/11, 2015 at 15:53 Comment(1)
Is it a demo URL you posted? I am receiving a 404. Do you run your application behind a webserver like Apache Httpd or Nginx? - Bookcase

As you mentioned in the comments, your application runs behind a webserver, in this case Nginx.

You are using some sort of

linkTo(methodOn(MyController.class).myMethod(name)).withSelfRel();

to generate links. In this case, take a look at ControllerLinkBuilder. As you can see in line 190, Spring HATEOAS builds a link based on the current request. In addition, the request headers X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Ssl are queried and used if available.

That is what you missed configuring in order to build proper links with Spring HATEOAS.

Because you complain that only https is missing in your links, Nginx already sets X-Forwarded-For but skips X-Forwarded-Proto. I assume that Nginx and your application communicate over http, otherwise you wouldn't have trouble. You can ignore X-Forwarded-Ssl. It is only relevant if Nginx and your application are talking over https. In that case you wouldn't see any issue either.

Below you find a complete Nginx location block for reference. X-Forwarded-Proto has been set to https in order to inform the proxied system that links have to contain https in any URLs (only if the backend system processes the aforementioned request header).

location /yourapp {
    proxy_pass http://localhost:8080/yourapp;
    proxy_redirect default;
    proxy_set_header  Host               $http_host;
    proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto  https;
}

For further reading please consult Nginx documentation for the http_proxy_module.

Bookcase answered 27/11, 2015 at 5:27 Comment(1)
NGINX noob here: why not proxy_set_header X-Forwarded-Host $http_host;? - Decommission
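
A simplified model of the header handling the answer above describes, added here as an example; it is not Spring HATEOAS source code and not part of the original posts. The class and method names, the precedence of X-Forwarded-Proto over X-Forwarded-Ssl, the `on` value and the sample requests are assumptions.

```java
import java.util.Map;
import java.util.TreeMap;

// Simplified model (assumption): NOT Spring HATEOAS source code.
public class ForwardedLinkDemo {

    // First value of a possibly comma-separated header, or null if absent/empty.
    static String first(String value) {
        if (value == null) return null;
        String s = value.split(",", 2)[0].trim();
        return s.isEmpty() ? null : s;
    }

    // reqScheme/reqHost/reqPort: what the backend sees on the Nginx -> app hop.
    static String linkBase(String reqScheme, String reqHost, int reqPort,
                           Map<String, String> headers) {
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.putAll(headers); // header names are case-insensitive

        boolean defaultPort = ("http".equals(reqScheme) && reqPort == 80)
                || ("https".equals(reqScheme) && reqPort == 443);
        String scheme = reqScheme;
        String authority = defaultPort ? reqHost : reqHost + ":" + reqPort;

        // Assumed precedence: X-Forwarded-Proto first, then X-Forwarded-Ssl: on.
        String proto = first(h.get("X-Forwarded-Proto"));
        if (proto != null) {
            scheme = proto;
        } else if ("on".equalsIgnoreCase(first(h.get("X-Forwarded-Ssl")))) {
            scheme = "https";
        }
        String forwardedHost = first(h.get("X-Forwarded-Host"));
        if (forwardedHost != null) authority = forwardedHost;
        return scheme + "://" + authority;
    }

    public static void main(String[] args) {
        // Constructed sample requests; 203.0.113.7 is a documentation address.
        Map<String, String> asAsked = Map.of("X-Forwarded-For", "203.0.113.7");
        Map<String, String> withProto = Map.of("X-Forwarded-For", "203.0.113.7",
                "X-Forwarded-Proto", "https");
        Map<String, String> noHostPassed = Map.of("X-Forwarded-Proto", "https",
                "X-Forwarded-Host", "national.usa.com");

        System.out.println(linkBase("http", "national.usa.com", 80, asAsked));
        System.out.println(linkBase("http", "national.usa.com", 80, withProto));
        System.out.println(linkBase("http", "localhost", 8080, noHostPassed));
    }
}
```

The three calls model the question's setup, the answer's location block, and a proxy that passes the public host in X-Forwarded-Host instead of Host.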
