Add baseScheme, baseHost, basePort and basePath to the post_logout_redirect_uri

[MPriess]

For redirects it's possible to pass a redirect URI template (gh-6900) which support baseScheme, baseHost, basePort and basePath.

The current implementation of OidcClientInitiatedLogoutSuccessHandler only support the baseUrl. To make the API and usage more consistent I suggest to provide this options too for the post_logout_redirect_uri.

I renamed one existing testcase and added two additional testcases for the new parameters.

References:
gh-6900

[pivotal-cla]

@MPriess Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

[pivotal-cla]

@MPriess Thank you for signing the Contributor License Agreement!

[jzheaux]

To make the API and usage more consistent

Thanks for the suggestion, @MPriess. I'd prefer to keep the API as simple as possible. Do you have a need for this support? If not, I think we leave it until someone asks for it and close the PR.

[MPriess]

Do you have a need for this support?

I run my application behind a reverse proxy and have some trouble with the basePath. That was the inital reason for the change.

[jzheaux]

@MPriess, thanks for the extra detail. And sorry for my delayed response.

Am I understanding correctly that the reason you would like to use {basePath} is so that you can specify the host yourself? e.g. setPostLogoutRedirectUri("https://reverseproxyhost/{basePath}")?

Since you are using a reverse proxy, I'm wondering if you've already tried using ForwardedHeaderFilter. I believe this would allow you to use {baseUrl} since it maps X-Forwarded-xyz headers to their non-proxy counterparts.

[MPriess]

@jzheaux

I want to exclude the context path for all URLs which are generated by Spring Security.

e.g. setPostLogoutRedirectUri("https://{baseHost}{basePort}/signout-callback-oidc")
e.g. .loginPageUri("https://{baseHost}{basePort}/oauth2/authorization/myCustomer") (TO BE IMPLEMENTED)

Why?

I tried it with NGINX and the ForwardedHeaderFilter and it works, but lead to an other problem in my case:

      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Prefix /;

If I'm using the ForwardedHeaderFilter (X-Forwarded-Prefix) the context path is gone. This is a problem, because an other servlet provided by a 3rd party software vendor need the context path.

If you say this feature is helpful for other customers I can continue to work on the feature. Not sure if this is an edge case which affect only me.

[jzheaux]

Thanks, @MPriess! I've left some feedback inline. Also would you please format the commit message to meet the contribution guidelines?

Specifically, it would be helpful to have it be something like this:

Add placeholders to post_logout_redirect_uri

Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl and registrationId support.

Issue gh-6900

Having a short title and linking to the related issue makes future maintenance easier.

[jzheaux]

Hi, @MPriess. Are you able to make the requested changes and fix the build errors?

[MPriess]

Hi, @MPriess. Are you able to make the requested changes and fix the build errors?

Yes, sure!

[MPriess]

@jzheaux Done

[jzheaux]

Thanks, @MPriess, this is now merged into main. I also added a polish commit to add the same behavior to the reactive equivalent class.