Not looking for it to set the header, just consume it from the http request and use it in the UriBuilder. It dont think OAuth2 is doing anything wrong. If anything its the UriBuilder should be checking if the X-FORWARDED-PROTO header came in on the request and using that to determine the scheme for the uri built.
For example our load balancer adds the header X-FORWARDED_PROTO header with value "https" then the uri builder should build the returned URI with scheme = "https". I'm looking at the code in org.apache.cxf.jaxrs.impl.UriBuilderImpl and it looks like it does build the url string with whatever scheme has been set on the object. Not clear on what or where something sets the scheme on the object or if URIBuilderImpl should autodectect the scheme if its not told about any scheme (ie should it be looking for the header). Thanks for any help. Really rather not start modifying the url strings in my code based on the presence of the header but that is my last resort. Matt On Aug 7, 2014, at 9:34 AM, Sergey Beryozkin <[email protected]> wrote: > Hi Matt > On 07/08/14 17:19, Matt Helgren wrote: >> Hi All, >> >> We have implemented OAuth2 from CXF in our application. More recently we >> are using a load balancer for our application and the application does not >> have direct knowledge of the scheme (http or https) used for requests. I >> downloaded the source and looked for any mention of X-FORWARDED-PROTO but >> did not see one. So my question would be is there or will there be any >> support for the X-FORWARDED-PROTO for uri building? Thanks much. >> > In what part of the overall OAuth2 application you'd expect this header be > set ? Would you like to have it set when a 3rd party client redirects the > user to authorize ? > > Cheers, Sergey > >> Matt >> >
