
jungm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomee.git


The following commit(s) were added to refs/heads/main by this push:
     new 87d803547e TOMEE-4596 - OpenIdAuthenticationMechanism invalidate 
session after redirect uri has been built
87d803547e is described below

commit 87d803547e010493bfc05b668272405220d0ae9a
Author: Markus Jung <[email protected]>
AuthorDate: Mon Mar 23 08:03:21 2026 +0100

    TOMEE-4596 - OpenIdAuthenticationMechanism invalidate session after 
redirect uri has been built
---
 .../cdi/OpenIdAuthenticationMechanism.java         | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git 
a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/OpenIdAuthenticationMechanism.java
 
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/OpenIdAuthenticationMechanism.java
index 8c1ae5b548..230194cb44 100644
--- 
a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/OpenIdAuthenticationMechanism.java
+++ 
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/OpenIdAuthenticationMechanism.java
@@ -76,11 +76,24 @@ public class OpenIdAuthenticationMechanism implements 
HttpAuthenticationMechanis
 
     @Override
     public void cleanSubject(HttpServletRequest request, HttpServletResponse 
response, HttpMessageContext httpMessageContext) {
+        String redirectTarget = buildRedirectUri();
+
         HttpSession session = request.getSession(false);
         if (session != null) {
             session.invalidate();
         }
 
+        if (redirectTarget != null) {
+            httpMessageContext.redirect(redirectTarget);
+            return;
+        }
+
+        // Restart authorization by redirecting to openid provider
+        redirectToAuthorization(request, response, httpMessageContext);
+    }
+
+    private String buildRedirectUri()
+    {
         if (definition.logout().notifyProvider()) {
             if (!definition.providerMetadata().endSessionEndpoint().isEmpty()) 
{
                 UriBuilder endSession = 
UriBuilder.fromUri(definition.providerMetadata().endSessionEndpoint())
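Review bot: The fix in this hunk is purely the ordering at the top of cleanSubject — resolving the logout target before `session.invalidate()` — but nothing in the code records why, so a later cleanup can move the invalidate back up and reintroduce TOMEE-4596. I would put a why-comment on the first new line, e.g. `// Resolve the logout target BEFORE invalidating the session: the values read through definition/providerMetadata are not reliably available once the session is gone (TOMEE-4596)` — the exact cause (presumably a session-scoped bean behind those lookups) is not visible here and should be stated by whoever confirmed it. Separately, `private String buildRedirectUri()` puts its opening brace on its own line while the rest of the class (cleanSubject just above) uses same-line braces, and a one-line Javadoc such as `Returns the configured post-logout redirect target, or null when authorization should be restarted` would make the null contract explicit for the caller. The body of buildRedirectUri continues past the end of this hunk.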
@@ -90,18 +103,15 @@ public class OpenIdAuthenticationMechanism implements 
HttpAuthenticationMechanis
                     
endSession.queryParam(OpenIdConstant.POST_LOGOUT_REDIRECT_URI, 
definition.logout().redirectURI());
                 }
 
-                httpMessageContext.redirect(endSession.build().toString());
-                return;
+                return endSession.build().toString();
             }
         } else {
             if (!definition.logout().redirectURI().isEmpty()) {
-                httpMessageContext.redirect(definition.logout().redirectURI());
-                return;
+                return definition.logout().redirectURI();
             }
         }
 
-        // Restart authorization by redirecting to openid provider
-        redirectToAuthorization(request, response, httpMessageContext);
+        return null;
     }
 
     @Override
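Review bot: When `notifyProvider()` is true but the provider metadata publishes no `end_session_endpoint`, the new method falls through to `return null` and a configured `logout().redirectURI()` is silently ignored, so the user is sent back into authorization instead of to the configured page and the provider is never notified. That fallback predates this commit, but now that the method has a single return point it is the natural place to settle it: either document it as intended, e.g. `// No end_session_endpoint published: restart authorization rather than redirect without notifying the provider`, or fall back to the configured redirect URI. If the fallback is preferred, the `redirectURI().isEmpty()` check should move out of the `else` branch so it applies to both cases. The method starts in the previous hunk, above this one.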
