3 years ago · a8ab432aea
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
@@ -132,7 +132,19 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 
				 				.build();
			
 
				 
			
 
				 		Map<String, String> uriVariables = new HashMap<>();
			
 
				+		String scheme = uriComponents.getScheme();
			
 
				+		uriVariables.put("baseScheme", (scheme != null) ? scheme : "");
			
 
				 		uriVariables.put("baseUrl", uriComponents.toUriString());
			
 
				+
			
 
				+		String host = uriComponents.getHost();
			
 
				+		uriVariables.put("baseHost", (host != null) ? host : "");
			
 
				+
			
 
				+		String path = uriComponents.getPath();
			
 
				+		uriVariables.put("basePath", (path != null) ? path : "");
			
 
				+
			
 
				+		int port = uriComponents.getPort();
			
 
				+		uriVariables.put("basePort", (port == -1) ? "" : ":" + port);
			
 
				+
			
 
				 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
			
 
				 
			
 
				 		return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
			
@@ -154,8 +166,15 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 
				 	}
			
 
				 
			
 
				 	/**
			
 
				-	 * Set the post logout redirect uri template to use. Supports the {@code "{baseUrl}"}
			
 
				-	 * placeholder, for example:
			
 
				+	 * Set the post logout redirect uri template.
			
 
				+	 *
			
 
				+	 * <br />
			
 
				+	 * The supported uri template variables are: {@code {baseScheme}}, {@code {baseHost}},
			
 
				+	 * {@code {basePort}} and {@code {basePath}}.
			
 
				+	 *
			
 
				+	 * <br />
			
 
				+	 * <b>NOTE:</b> {@code {baseUrl}} is also supported, which is the same as
			
 
				+	 * {@code "{baseScheme}://{baseHost}{basePort}{basePath}"}
			
 
				 	 *
			
 
				 	 * <pre>
			
 
				 	 * 	handler.setPostLogoutRedirectUri("{baseUrl}");
			
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -135,7 +135,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 
				 	}
			
 
				 
			
 
				 	@Test
			
 
				-	public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect()
			
 
				+	public void logoutWhenUsingPostLogoutBaseUrlRedirectUriTemplateThenBuildsItForRedirect()
			
 
				 			throws IOException, ServletException {
			
 
				 		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
			
 
				 				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
			
@@ -162,6 +162,34 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
 
				 				+ "post_logout_redirect_uri=https://rp.example.org/context?forwardUrl%3Dsecured%253Fparam%253Dtrue");
			
 
				 	}
			
 
				 
			
 
				+	@Test
			
 
				+	public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect() {
			
 
				+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
			
 
				+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
			
 
				+		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
			
 
				+		MockServerHttpRequest request = MockServerHttpRequest.get("https://rp.example.org/").build();
			
 
				+		given(this.exchange.getRequest()).willReturn(request);
			
 
				+		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
			
 
				+		this.handler.setPostLogoutRedirectUri("{baseScheme}://{baseHost}{basePort}{basePath}");
			
 
				+		this.handler.onLogoutSuccess(f, token).block();
			
 
				+		assertThat(redirectedUrl(this.exchange)).isEqualTo(
			
 
				+				"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org");
			
 
				+	}
			
 
				+
			
 
				+	@Test
			
 
				+	public void logoutWhenUsingPostLogoutRedirectUriTemplateWithOtherPortThenBuildsItForRedirect() {
			
 
				+		OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
			
 
				+				AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
			
 
				+		given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
			
 
				+		MockServerHttpRequest request = MockServerHttpRequest.get("https://rp.example.org:400").build();
			
 
				+		given(this.exchange.getRequest()).willReturn(request);
			
 
				+		WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
			
 
				+		this.handler.setPostLogoutRedirectUri("{baseScheme}://{baseHost}{basePort}{basePath}");
			
 
				+		this.handler.onLogoutSuccess(f, token).block();
			
 
				+		assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?" + "id_token_hint=id-token&"
			
 
				+				+ "post_logout_redirect_uri=https://rp.example.org:400");
			
 
				+	}
			
 
				+
			
 
				 	@Test
			
 
				 	public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirectExpanded()
			
 
				 			throws IOException, ServletException {