From 24bae67999e715fa3c7753fc8eeedaddbfa8f4cf Mon Sep 17 00:00:00 2001
From: Max Batischev
Date: Wed, 27 Mar 2024 13:01:31 +0300
Subject: [PATCH] Add support customizing the serverLogoutSuccessHandler for OidcClientInitiatedServerLogoutSuccessHandler
Closes gh-14778
---
 ...ntInitiatedServerLogoutSuccessHandler.java | 14 +++++++++++--
 ...tiatedServerLogoutSuccessHandlerTests.java | 20 ++++++++++++++++++-
 2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
index 3cc5754cac1..cf6cedd2207 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -51,7 +51,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
 private final ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
- private final RedirectServerLogoutSuccessHandler serverLogoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
+ private RedirectServerLogoutSuccessHandler serverLogoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
 private final ReactiveClientRegistrationRepository clientRegistrationRepository;
@@ -189,4 +189,14 @@ public void setLogoutSuccessUrl(URI logoutSuccessUrl) {
 this.serverLogoutSuccessHandler.setLogoutSuccessUrl(logoutSuccessUrl);
 }
+ /**
+ * Set the serverLogoutSuccessHandler.
+ * @param serverLogoutSuccessHandler {@link RedirectServerLogoutSuccessHandler}
+ * @since 6.3
+ */
+ public void setServerLogoutSuccessHandler(RedirectServerLogoutSuccessHandler serverLogoutSuccessHandler) {
+ Assert.notNull(serverLogoutSuccessHandler, "serverLogoutSuccessHandler cannot be null");
+ this.serverLogoutSuccessHandler = serverLogoutSuccessHandler;
+ }
+
 }
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
index 300a815caf4..ce0433d151a 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -37,6 +37,7 @@
 import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers;
 import org.springframework.security.oauth2.core.user.TestOAuth2Users;
 import org.springframework.security.web.server.WebFilterExchange;
+import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilterChain;
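Review bot: In `setServerLogoutSuccessHandler` (main-class hunk at -189,4), swapping the delegate silently discards any URL configured earlier through `setLogoutSuccessUrl`, since that setter, visible as context just above, writes into whichever `RedirectServerLogoutSuccessHandler` instance is held at the time. A configuration that calls `setLogoutSuccessUrl(...)` first and this setter second would then redirect to the new handler's own default instead of the intended post-logout page, with no error. The Javadoc `Set the serverLogoutSuccessHandler.` should say so and say when the handler is consulted, for example `Sets the handler used when the OIDC end-session redirect cannot be built; replaces the handler previously configured through {@link #setLogoutSuccessUrl(URI)}.`; the "when" part is presumed from the class name and needs checking against `onLogoutSuccess`, which lies outside this hunk. Because the supplied handler chooses the fallback redirect target, the docs could also remind integrators to have it redirect only to fixed or validated locations.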
@@ -199,8 +200,25 @@ public void setPostLogoutRedirectUriTemplateWhenGivenNullThenThrowsException() {
 assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setPostLogoutRedirectUri((String) null));
 }
+ @Test
+ public void logoutWhenCustomRedirectServerLogoutSuccessHandlerSetThenRedirects() {
+ OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
+ AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
+ given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
+ WebFilterExchange filterExchange = new WebFilterExchange(this.exchange, this.chain);
+ this.handler.setServerLogoutSuccessHandler(new TestRedirectServerLogoutSuccessHandler());
+
+ this.handler.onLogoutSuccess(filterExchange, token).block();
+
+ assertThat(redirectedUrl(this.exchange)).isEqualTo("https://endpoint?id_token_hint=id-token");
+ }
+
 private String redirectedUrl(ServerWebExchange exchange) {
 return exchange.getResponse().getHeaders().getFirst("Location");
 }
+ private static class TestRedirectServerLogoutSuccessHandler extends RedirectServerLogoutSuccessHandler {
+
+ }
+
 }
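Review bot: `logoutWhenCustomRedirectServerLogoutSuccessHandlerSetThenRedirects` does not appear to exercise the new setter: it logs out an OIDC user and asserts the end-session URL `https://endpoint?id_token_hint=id-token`, and `TestRedirectServerLogoutSuccessHandler` is an empty subclass, so the assertion would likely hold even if `setServerLogoutSuccessHandler` ignored its argument. Assuming the delegate is only used when no end-session redirect can be built (`onLogoutSuccess` is outside this hunk), build the token from `TestOAuth2Users.create()` instead, give the custom handler a distinctive target via `setLogoutSuccessUrl(...)`, and assert that `redirectedUrl(this.exchange)` equals that target. A null-argument case alongside the neighbouring `setPostLogoutRedirectUriTemplateWhenGivenNullThenThrowsException` would cover the `Assert.notNull` guard, e.g. `assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setServerLogoutSuccessHandler(null));`.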