Add test for redirect url validation

src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java

@@ -730,7 +730,7 @@ protected AuthorizationCodeFlow buildAuthorizationCodeFlow() {
         return builder.build();
     }
 
-    private String getValidRedirectUrl(String url) {
+    protected String getValidRedirectUrl(String url) {
         if (url != null && !url.isEmpty()) {
             // Check if the URL is relative and starts with a slash
             if (url.startsWith("/")) {

src/test/java/org/jenkinsci/plugins/oic/OicSecurityRealmTest.java

@@ -4,6 +4,8 @@
 import com.github.tomakehurst.wiremock.junit.WireMockRule;
 import hudson.util.Secret;
 import java.io.IOException;
+import java.net.MalformedURLException;
+
 import org.acegisecurity.AuthenticationManager;
 import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.GrantedAuthority;
@@ -16,6 +18,7 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThrows;
 
 public class OicSecurityRealmTest {
 
@@ -83,4 +86,17 @@ public void testShouldSetNullClientSecretWhenSecretIsNone() throws IOException {
             .build();
         assertEquals("none", Secret.toString(realm.getClientSecret()));
     }
+
+    @Test
+    public void testGetValidRedirectUrl() throws IOException {
+        String rootUrl = "http://localhost:" + wireMockRule.port() + "/jenkins/";
+
+        TestRealm realm = new TestRealm.Builder(wireMockRule)
+                .WithMinimalDefaults().build();
+        assertEquals(rootUrl + "foo", realm.getValidRedirectUrl("/foo"));
+        assertEquals(rootUrl + "bar", realm.getValidRedirectUrl(rootUrl + "bar"));
+        assertEquals(rootUrl, realm.getValidRedirectUrl(null));
+        assertEquals(rootUrl, realm.getValidRedirectUrl(""));
+        assertThrows(MalformedURLException.class, () -> realm.getValidRedirectUrl("foobar"));
+    }
 }