diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
index ca1993d7ddb..275d485638e 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
@@ -63,7 +63,7 @@ protected String determineTargetUrl(HttpServletRequest request,
 endSessionEndpoint = this.endSessionEndpoint(clientRegistration);
 if (endSessionEndpoint != null) {
 String idToken = idToken(authentication);
-URI postLogoutRedirectUri = postLogoutRedirectUri(request);
+String postLogoutRedirectUri = postLogoutRedirectUri(request);
 targetUrl = endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri);
 }
 }
@@ -91,7 +91,7 @@ private String idToken(Authentication authentication) {
 return ((OidcUser) authentication.getPrincipal()).getIdToken().getTokenValue();
 }
 
-private URI postLogoutRedirectUri(HttpServletRequest request) {
+private String postLogoutRedirectUri(HttpServletRequest request) {
 if (this.postLogoutRedirectUri == null) {
 return null;
 }
@@ -100,13 +100,12 @@ private URI postLogoutRedirectUri(HttpServletRequest request) {
 .replaceQuery(null)
 .fragment(null)
 .build();
-return URI.create (UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
+return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
 .buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString()))
-.toUriString());
+.toUriString();
 }
 
-
-private String endpointUri(URI endSessionEndpoint, String idToken, URI postLogoutRedirectUri) {
+private String endpointUri(URI endSessionEndpoint, String idToken, String postLogoutRedirectUri) {
 UriComponentsBuilder builder = UriComponentsBuilder.fromUri(endSessionEndpoint);
 builder.queryParam("id_token_hint", idToken);
 if (postLogoutRedirectUri != null) {
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
index 023959f4687..7a7a6b82b99 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandlerTests.java
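Review bot: The `return` in `postLogoutRedirectUri` now hands back the expanded template as a raw String, but nothing in the hunk records why the `URI.create` wrapper was removed, so a later cleanup could reintroduce it and bring the gh-9511 behaviour back; add a comment above the `return`, e.g. `// Keep the raw String: round-tripping through URI.create changed the percent-encoding of the configured query (gh-9511)`. Note also that `URI.create` was the only syntax check on the configured value visible in this hunk, so a malformed `postLogoutRedirectUri` template now flows unchecked into `endpointUri` and will only surface when the query parameter is appended; presumably the setter validates the template, which is worth confirming since that is the right place for it. `endpointUri` continues past the end of the hunk.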
@@ -165,15 +165,17 @@ public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect(
 "post_logout_redirect_uri=https://rp.example.org");
 }
 
+// gh-9511
 @Test
-public void logoutWhenUsingPostLogoutRedirectUriWithQueryParametersThenBuildItForRedirectWithEncodedQueryParameters() throws IOException, ServletException {
+public void logoutWhenUsingPostLogoutRedirectUriWithQueryParametersThenBuildsItForRedirect()
+throws IOException, ServletException {
 OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
 AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
 this.handler.setPostLogoutRedirectUri("https://rp.example.org/context?forwardUrl=secured%3Fparam%3Dtrue");
 this.request.setUserPrincipal(token);
 this.handler.onLogoutSuccess(this.request, this.response, token);
-assertThat(this.response.getRedirectedUrl()).isEqualTo(
-"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org/context?forwardUrl%3Dsecured%253Fparam%253Dtrue");
+assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?id_token_hint=id-token&"
++ "post_logout_redirect_uri=https://rp.example.org/context?forwardUrl%3Dsecured%253Fparam%253Dtrue");
 }
 
 @Test
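Review bot: The expected string in the rewritten `assertThat` encodes a contract that is easy to misread as a bug: the configured value `forwardUrl=secured%3Fparam%3Dtrue` is expected to come out as `forwardUrl%3Dsecured%253Fparam%253Dtrue`, i.e. the whole post-logout URI is percent-encoded exactly once as a query-parameter value, so an already-encoded `%3F` legitimately becomes `%253F` and the provider decodes it back once before redirecting. Since the method was renamed to drop "WithEncodedQueryParameters", that intent is no longer visible anywhere in the test; add a comment above the assertion, e.g. `// the value is encoded once as a query parameter, so the pre-encoded %3F must appear as %253F`. The test body is complete within the hunk.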