Merge pull request #48838 from sberyozkin/3.24_fix_back_channel_logout_http_root

[3.24] : Fix the http root bug in BackChannelLogoutHandler

Author: gsmet

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/BackChannelLogoutHandler.java

@@ -11,7 +11,6 @@
 
 import io.quarkus.oidc.SecurityEvent;
 import io.quarkus.oidc.SecurityEvent.Type;
-import io.quarkus.oidc.common.runtime.OidcCommonUtils;
 import io.quarkus.oidc.common.runtime.OidcConstants;
 import io.quarkus.security.spi.runtime.SecurityEventHelper;
 import io.vertx.core.Handler;
@@ -23,7 +22,6 @@
 
 public class BackChannelLogoutHandler {
     private static final Logger LOG = Logger.getLogger(BackChannelLogoutHandler.class);
-    private static final String SLASH = "/";
 
     void setup(@Observes Router router, DefaultTenantConfigResolver resolver) {
         final TenantConfigBean tenantConfigBean = resolver.getTenantConfigBean();
@@ -158,18 +156,9 @@ private TenantConfigContext getTenantConfigContext(final String requestPath) {
         private boolean isMatchingTenant(String requestPath, TenantConfigContext tenant) {
             return tenant.oidcConfig().tenantEnabled()
                     && tenant.oidcConfig().tenantId().get().equals(oidcTenantConfig.tenantId().get())
-                    && requestPath.equals(getRootPath() + tenant.oidcConfig().logout().backchannel().path().orElse(null));
+                    && requestPath.equals(OidcUtils.getRootPath(resolver.getRootPath())
+                            + tenant.oidcConfig().logout().backchannel().path().orElse(null));
         }
 
-        private String getRootPath() {
-            // Prepend '/' if it is not present
-            String rootPath = OidcCommonUtils.prependSlash(resolver.getRootPath());
-            // Strip trailing '/' if the length is > 1
-            if (rootPath.length() > 1 && rootPath.endsWith("/")) {
-                rootPath = rootPath.substring(rootPath.length() - 1);
-            }
-            // if it is only '/' then return an empty value
-            return SLASH.equals(rootPath) ? "" : rootPath;
-        }
     }
 }

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java

@@ -938,4 +938,15 @@ public static String decryptToken(TenantConfigContext resolvedContext, String to
     public static boolean isDPoPScheme(String authorizationScheme) {
         return OidcConstants.DPOP_SCHEME.equalsIgnoreCase(authorizationScheme);
     }
+
+    public static String getRootPath(String configuredRootPath) {
+        // Prepend '/' if it is not present
+        String rootPath = OidcCommonUtils.prependSlash(configuredRootPath);
+        // Strip trailing '/' if the length is > 1
+        if (rootPath.length() > 1 && rootPath.endsWith("/")) {
+            rootPath = rootPath.substring(0, rootPath.length() - 1);
+        }
+        // if it is only '/' then return an empty value
+        return "/".equals(rootPath) ? "" : rootPath;
+    }
 }

extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java

@@ -33,6 +33,15 @@
 
 public class OidcUtilsTest {
 
+    @Test
+    public void getRoorPath() throws Exception {
+
+        assertEquals("", OidcUtils.getRootPath("/"));
+        assertEquals("/root", OidcUtils.getRootPath("/root"));
+        assertEquals("/root", OidcUtils.getRootPath("root"));
+        assertEquals("/root", OidcUtils.getRootPath("/root/"));
+    }
+
     @Test
     public void testDpopScheme() throws Exception {