There is no way to know if a custom logout success handler has been set

[heruan]

Expected Behavior

During HttpSecurity build process, a custom configurer might need to know if a custom logout success handler has been set for the LogoutConfigurer, for example:

class MyCustomDsl extends AbstractHttpConfigurer<MyCustomDsl, HttpSecurity> {

    @Override
    public void init(HttpSecurity http) throws Exception {
        var logout = http.getConfigurer(LogoutConfigurer.class);
        if (logout.isCustomLogoutSuccess()) { // <-- can't do this now
           // custom logout, preserve it
        } else {
           // no custom logout, customize it
        }
    }
}

would allow to preserve a custom handler set like this:

http.with(customDsl, withDefaults());
http.logout(logout -> logout.logoutSuccessHandler(customHandler));

Current Behavior

During the init phase of customDsl, it's not possible to know if logout.logoutSuccessHandler has ever been set, since:

• LogoutConfigurer does not set the custom handler as a shared object
• LogoutConfigurer#getLogoutSuccessHandler returns a new handler if not already set
• LogoutConfigurer#isCustomLogoutSuccess is not public

Context

This is affecting my custom handler's ability to set a logout success handler only if the user hasn't already set one. I couldn't find any alternative other than reflection, but I can't use reflection.