
Polish postLogoutRedirectUri encoding

Issue gh-9511
Josh Cummings 4 лет назад
Сommit
65ecaa0c28

+ 5 - 5
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java

@@ -67,7 +67,7 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 			URI endSessionEndpoint = this.endSessionEndpoint(clientRegistration);
 			if (endSessionEndpoint != null) {
 				String idToken = idToken(authentication);
-				URI postLogoutRedirectUri = postLogoutRedirectUri(request);
+				String postLogoutRedirectUri = postLogoutRedirectUri(request);
 				targetUrl = endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri);
 			}
 		}
@@ -89,7 +89,7 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 		return ((OidcUser) authentication.getPrincipal()).getIdToken().getTokenValue();
 	}
 
-	private URI postLogoutRedirectUri(HttpServletRequest request) {
+	private String postLogoutRedirectUri(HttpServletRequest request) {
 		if (this.postLogoutRedirectUri == null) {
 			return null;
 		}
@@ -100,13 +100,13 @@ public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogo
 				.replaceQuery(null)
 				.fragment(null)
 				.build();
-		return URI.create (UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
+		return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
 				.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString()))
-				.toUriString());
+				.toUriString();
 		// @formatter:on
 	}
 
-	private String endpointUri(URI endSessionEndpoint, String idToken, URI postLogoutRedirectUri) {
+	private String endpointUri(URI endSessionEndpoint, String idToken, String postLogoutRedirectUri) {
 		UriComponentsBuilder builder = UriComponentsBuilder.fromUri(endSessionEndpoint);
 		builder.queryParam("id_token_hint", idToken);
 		if (postLogoutRedirectUri != null) {
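Review bot: With `URI.create(...)` dropped from the return in `postLogoutRedirectUri`, nothing on this path checks that the expanded template is a syntactically valid URI any more, so a malformed configured value now reaches `endpointUri` as an opaque string instead of failing with `IllegalArgumentException`. The `{baseUrl}` value comes from `uriComponents`, which is built above the hunk and presumably from the incoming request, so the returned string also carries whatever host that request presented. A short comment on the return would record both facts, for example `// returned unparsed: syntax is not validated here and {baseUrl} reflects the request; the provider's registered post-logout URIs are the check`. If failing early is still wanted, validating the template once where it is set (outside this hunk) would restore that without bringing back the URI round trip. Both method bodies extend beyond the hunk.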

+ 5 - 3
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java

@@ -138,15 +138,17 @@ public class OidcClientInitiatedLogoutSuccessHandlerTests {
 				"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
 	}
 
+	// gh-9511
 	@Test
-	public void logoutWhenUsingPostLogoutRedirectUriWithQueryParametersThenBuildItForRedirectWithEncodedQueryParameters() throws IOException, ServletException {
+	public void logoutWhenUsingPostLogoutRedirectUriWithQueryParametersThenBuildsItForRedirect()
+			throws IOException, ServletException {
 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 		this.handler.setPostLogoutRedirectUri("https://rp.example.org/context?forwardUrl=secured%3Fparam%3Dtrue");
 		this.request.setUserPrincipal(token);
 		this.handler.onLogoutSuccess(this.request, this.response, token);
-		assertThat(this.response.getRedirectedUrl()).isEqualTo(
-				"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org/context?forwardUrl%3Dsecured%253Fparam%253Dtrue");
+		assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?id_token_hint=id-token&"
+				+ "post_logout_redirect_uri=https://rp.example.org/context?forwardUrl%3Dsecured%253Fparam%253Dtrue");
 	}
 
 	@Test
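Review bot: The only query-string case exercised here has a single parameter, so the test pins how `=` and `%` are encoded but says nothing about `&`. A post-logout URI carrying two parameters is the case where incomplete encoding would let the provider parse the second one as a parameter of the end-session request itself. Consider a sibling test that sets a constructed value such as `https://rp.example.org/context?a=1&b=2` and asserts that the `&` appears as `%26` inside the `post_logout_redirect_uri` value of the redirected URL.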