From 00cd95be7634f824b662a09620ccb6cfafe814bc Mon Sep 17 00:00:00 2001 From: Max Batischev Date: Fri, 7 Feb 2025 15:24:07 +0300 Subject: [PATCH] Add setRedirectStrategy to OidcClientInitiatedServerLogoutSuccessHandler Closes gh-16556 Signed-off-by: Max Batischev --- ...ntInitiatedServerLogoutSuccessHandler.java | 15 +++++++++-- ...tiatedServerLogoutSuccessHandlerTests.java | 27 ++++++++++++++++++- 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java index 9d35ddc69b..4943565fca 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -51,7 +51,7 @@ import org.springframework.web.util.UriComponentsBuilder; */ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogoutSuccessHandler { - private final ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy(); + private ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy(); private final RedirectServerLogoutSuccessHandler serverLogoutSuccessHandler = new RedirectServerLogoutSuccessHandler(); 
@@ -199,6 +199,17 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo this.redirectUriResolver = redirectUriResolver; } + /** + * Set the {@link ServerRedirectStrategy} to use, default + * {@link DefaultServerRedirectStrategy} + * @param redirectStrategy {@link ServerRedirectStrategy} + * @since 6.5 + */ + public void setRedirectStrategy(ServerRedirectStrategy redirectStrategy) { + Assert.notNull(redirectStrategy, "redirectStrategy cannot be null"); + this.redirectStrategy = redirectStrategy; + } + /** * Parameters, required for redirect URI resolving. * diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java index 591ef091da..65c9bcdd51 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandlerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
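Review bot: The new `setRedirectStrategy` replaces only this class's own `redirectStrategy` field; the `serverLogoutSuccessHandler` delegate, visible as context in the `@@ -51,7 +51,7 @@` hunk, is still built with `new RedirectServerLogoutSuccessHandler()` and never receives the custom strategy. The `onLogoutSuccess` body is outside this diff, so this is inferred, but if that delegate issues the redirect on a fallback path, a deployment that installs a strategy to constrain or reshape logout redirects would have it bypassed for those requests. Either pass the strategy on to the delegate inside the setter, if the delegate exposes a matching setter, or state the limit in the Javadoc, e.g. `Applies only to the redirect to the provider's end-session endpoint; the fallback logout redirect is not affected.` The Javadoc could also say that the setter is meant to be called during configuration, since the field is now a plain non-final, non-volatile field.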
@@ -37,14 +37,18 @@ import org.springframework.security.oauth2.client.registration.ReactiveClientReg import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers; import org.springframework.security.oauth2.core.user.TestOAuth2Users; +import org.springframework.security.web.server.ServerRedirectStrategy; import org.springframework.security.web.server.WebFilterExchange; import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.WebFilterChain; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; +import static org.mockito.ArgumentMatchers.any; import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; /** * Tests for {@link OidcClientInitiatedServerLogoutSuccessHandler} 
@@ -219,6 +223,27 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests { assertThat(redirectedUrl(this.exchange)).isEqualTo("https://test.com"); } + @Test + public void setRedirectStrategyWhenGivenNullThenThrowsException() { + assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setRedirectStrategy(null)); + } + + @Test + public void logoutWhenCustomRedirectStrategySetThenCustomRedirectStrategyUse() { + ServerRedirectStrategy redirectStrategy = mock(ServerRedirectStrategy.class); + given(redirectStrategy.sendRedirect(any(), any())).willReturn(Mono.empty()); + OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), + AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId()); + WebFilterExchange filterExchange = new WebFilterExchange(this.exchange, this.chain); + given(this.exchange.getRequest()) + .willReturn(MockServerHttpRequest.get("/").queryParam("location", "https://test.com").build()); + this.handler.setRedirectStrategy(redirectStrategy); + + this.handler.onLogoutSuccess(filterExchange, token).block(); + + verify(redirectStrategy, times(1)).sendRedirect(any(), any()); + } + private String redirectedUrl(ServerWebExchange exchange) { return exchange.getResponse().getHeaders().getFirst("Location"); }
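Review bot: `verify(redirectStrategy, times(1)).sendRedirect(any(), any())` in `logoutWhenCustomRedirectStrategySetThenCustomRedirectStrategyUse` only proves the mock was called once, so the test would still pass if the handler handed the strategy the wrong exchange or a wrong logout target. The redirect location is the security-relevant output of this handler, so pin both arguments, e.g. `verify(redirectStrategy).sendRedirect(eq(this.exchange), eq(URI.create(EXPECTED_LOGOUT_URI)))`, where `EXPECTED_LOGOUT_URI` is a placeholder for the URL this fixture is expected to produce. The `queryParam("location", "https://test.com")` setup looks unused because no redirect-URI resolver is configured in this test, so it can probably be dropped. The method name would also read better ending in `...StrategyUsed`.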