Summary

I use UAA as the OAuth2 server and spring-security-oauth2 as the client. If they are deployed on different IP addresses, it works well, but if they are deployed on the same IP address, it doesn't work.

Configuration

security:
  ignored: /favicon.ico, /webjars/**, /css/**
  basic:
    enabled: false
  oauth2:
    client:
      client-id: idm
      client-secret: 123456
      access-token-uri: ${ssoServiceUrl}/oauth/token
      user-authorization-uri: ${ssoServiceUrl}/oauth/authorize
      scope:
       - openid
       - user_attributes
       - bc-admin
       - scim.*
       - clients.*
    resource:
      token-info-uri: ${ssoServiceUrl}/check_token
      jwt:
        key-uri: ${ssoServiceUrl}/token_key
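      user-info-uri: ${ssoServiceUrl}/userinfo

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableOAuth2Sso
@Configuration
public class OAuth2SecurityConfig extends WebSecurityConfigurerAdapter {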
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        //@formatter:off
        http.authorizeRequests()
                .antMatchers("/login**")
                    .authenticated()
                .antMatchers("/client/**")
                    .authenticated()
                .antMatchers("/group/**")
                    .authenticated()
                .antMatchers("/user/**")
                    .authenticated()
                .antMatchers("/")
                    .permitAll()
                .anyRequest()
                    .authenticated();
        //@formatter:on

    }

}

Version

<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.0.7.RELEASE</version>
</dependency>

Comment From: jgrandja

@jay763190097 This issue should be logged in the spring-security-oauth Issues.

> If they are deployed on different IP addresses, it works well, but if they are deployed on the same IP address, it doesn't work.

Can you please provide specific details on what exactly doesn't work? Is there a stacktrace?

Running the Authorization Server and Client Application under the same host, for example localhost, won't work as the Session Cookie from the Authorization Server will overwrite the Session Cookie from the Client Application since they are the same host names. I would recommend assigning a host name for your local Authorization Server, for example, http://auth-server:8090.
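The cookie collision described in the comment above can be reproduced with a small model of a browser cookie store. This is an added example, not part of the original thread or of any Spring project code. The client port 8080, the 192.0.2.10 address, the `UISESSION` cookie name and the cookie path `/` are assumptions, and the distinct-cookie-name case goes beyond what the comment recommends.

```python
from urllib.parse import urlsplit


class BrowserCookies:
    """Simplified RFC 6265 cookie store: the key is (name, host, path).
    Scheme and port are not part of the key, as in real browsers."""

    def __init__(self):
        self._store = {}

    def set_cookie(self, url, name, value, path="/"):
        # A later Set-Cookie with the same (name, host, path) replaces the earlier one.
        self._store[(name, urlsplit(url).hostname, path)] = value

    def sent_to(self, url):
        """Cookies attached to a request for `url` (prefix path match, simplified)."""
        parts = urlsplit(url)
        req_path = parts.path or "/"
        return {name: value
                for (name, host, path), value in self._store.items()
                if host == parts.hostname and req_path.startswith(path)}


def client_session_survives(client_url, auth_url,
                            client_cookie="JSESSIONID", auth_cookie="JSESSIONID"):
    """Walk the SSO redirect round trip and report whether the client still
    receives its own session id when the browser comes back."""
    browser = BrowserCookies()
    # 1. The client creates a session that holds the pending authorization request.
    browser.set_cookie(client_url, client_cookie, "client-session")
    # 2. The browser is redirected to the authorization server, which sets its own session cookie.
    browser.set_cookie(auth_url, auth_cookie, "auth-session")
    # 3. The browser is redirected back to the client's /login callback.
    return browser.sent_to(client_url + "/login").get(client_cookie) == "client-session"


if __name__ == "__main__":
    cases = [  # constructed sample deployments
        ("http://localhost:8080", "http://localhost:8090", {}),
        ("http://192.0.2.10:8080", "http://192.0.2.10:8090", {}),
        ("http://localhost:8080", "http://auth-server:8090", {}),
        ("http://localhost:8080", "http://localhost:8090", {"client_cookie": "UISESSION"}),
    ]
    for client, auth, kwargs in cases:
        ok = client_session_survives(client, auth, **kwargs)
        print(f"{client} + {auth} {kwargs or ''}: {'OK' if ok else 'session overwritten'}")
```

In Spring Boot 1.x the client's session cookie name can be set with the `server.session.cookie.name` property, which corresponds to the last case.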

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.