Issue #8216 - change logic on when to redirect

Signed-off-by: Lachlan Roberts <[email protected]>
jetty · Jul 13, 2022 · 6de385e · 6de385e
1 parent 90fe562
commit 6de385e
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 11 deletions.
diff --git a/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java b/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
@@ -83,7 +83,7 @@ public class OpenIdAuthenticator extends LoginAuthenticator
     private final SecureRandom _secureRandom = new SecureRandom();
     private OpenIdConfiguration _openIdConfiguration;
     private String _redirectPath;
-    private String _logoutRedirectPath = "/";
+    private String _logoutRedirectPath;
     private String _errorPage;
     private String _errorPath;
     private String _errorQuery;
@@ -264,38 +264,55 @@ public void logout(ServletRequest request)
         }
     }
 
+    /**
+     * This will attempt to redirect the request to the end_session_endpoint, and finally to the {@link #REDIRECT_PATH}.
+     *
+     * If end_session_endpoint is defined the request will be redirected to the end_session_endpoint, the optional
+     * post_logout_redirect_uri parameter will be set if {@link #REDIRECT_PATH} is non-null.
+     *
+     * If the end_session_endpoint is not defined then the request will be redirected to {@link #REDIRECT_PATH} if it is a
+     * non-null value, otherwise no redirection will be done.
+     *
+     * @param request the request to redirect.
+     */
     private void attemptLogoutRedirect(ServletRequest request)
     {
         try
         {
             Request baseRequest = Objects.requireNonNull(Request.getBaseRequest(request));
             Response baseResponse = baseRequest.getResponse();
-
-            StringBuilder redirectUri = new StringBuilder(128);
-            URIUtil.appendSchemeHostPort(redirectUri, request.getScheme(), request.getServerName(), request.getServerPort());
-            redirectUri.append(baseRequest.getContextPath());
-            redirectUri.append(_logoutRedirectPath);
-
             String endSessionEndpoint = _openIdConfiguration.getEndSessionEndpoint();
+            String redirectUri = null;
+            if (_logoutRedirectPath != null)
+            {
+                StringBuilder sb = new StringBuilder(128);
+                URIUtil.appendSchemeHostPort(sb, request.getScheme(), request.getServerName(), request.getServerPort());
+                sb.append(baseRequest.getContextPath());
+                sb.append(_logoutRedirectPath);
+                redirectUri = sb.toString();
+            }
+
             HttpSession session = baseRequest.getSession(false);
             if (endSessionEndpoint == null || session == null)
             {
-                baseResponse.sendRedirect(redirectUri.toString(), true);
+                if (redirectUri != null)
+                    baseResponse.sendRedirect(redirectUri, true);
                 return;
             }
 
             Object openIdResponse = session.getAttribute(OpenIdAuthenticator.RESPONSE);
             if (!(openIdResponse instanceof Map))
             {
-                baseResponse.sendRedirect(redirectUri.toString(), true);
+                if (redirectUri != null)
+                    baseResponse.sendRedirect(redirectUri, true);
                 return;
             }
 
             @SuppressWarnings("rawtypes")
             String idToken = (String)((Map)openIdResponse).get("id_token");
             baseResponse.sendRedirect(endSessionEndpoint +
                     "?id_token_hint=" + UrlEncoded.encodeString(idToken, StandardCharsets.UTF_8) +
-                    "&post_logout_redirect_uri=" + UrlEncoded.encodeString(redirectUri.toString(), StandardCharsets.UTF_8),
+                    ((redirectUri == null) ? "" : "&post_logout_redirect_uri=" + UrlEncoded.encodeString(redirectUri, StandardCharsets.UTF_8)),
                 true);
         }
         catch (Throwable t)

diff --git a/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdConfiguration.java b/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdConfiguration.java
@@ -100,7 +100,7 @@ public OpenIdConfiguration(@Name("issuer") String issuer,
                                @Name("authMethod") String authMethod,
                                @Name("httpClient") HttpClient httpClient)
     {
-        this(issuer, authorizationEndpoint, tokenEndpoint, null, clientId, clientSecret, authorizationEndpoint, httpClient);
+        this(issuer, authorizationEndpoint, tokenEndpoint, null, clientId, clientSecret, authMethod, httpClient);
     }
 
     /**