
Commit b8be77b

committed
Fix HttpSessionRequestCache#getMatchingRequest query string parsing
- URL parsing changed in framework 6.2, and fails when path contains a % sign. - The HttpSessionRequestCache only needs to inspect the query string, not the full URL. Fixes spring-projectsgh-16656 Signed-off-by: Daniel Garnier-Moiroux <[email protected]>
1 parent db34de5 commit b8be77b


2 files changed

+16
-1
lines changed


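--- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
@@ -104,7 +104,7 @@ public void removeRequest(HttpServletRequest currentRequest, HttpServletResponse
 public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
 if (this.matchingRequestParameterName != null) {
 if (!StringUtils.hasText(request.getQueryString())
-|| !UriComponentsBuilder.fromUriString(UrlUtils.buildRequestUrl(request))
+|| !UriComponentsBuilder.newInstance().query(request.getQueryString())
 .build()
 .getQueryParams()
 .containsKey(this.matchingRequestParameterName)) {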
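Review bot: Nothing at the changed condition in getMatchingRequest records why only the query string is handed to the builder, so a later cleanup could restore full-URL parsing and bring back the failure on paths containing a raw `%` that the commit message describes. I would add `// Parse the query string only; the request path is client-controlled and may not be a valid URI (gh-16656)` above the inner `if`. `request.getQueryString()` is also read twice in that condition, and a local such as `String query = request.getQueryString();` would make it obvious that both checks see the same value. The parameter name is compared with keys from the raw query, which as far as I can tell are not percent-decoded, so that is worth a sentence in the method's Javadoc if it is intended. The body of getMatchingRequest continues past the end of the hunk.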

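--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -168,6 +168,21 @@ public void getMatchingRequestWhenMatchingRequestParameterNameSetThenDoesNotInvo
 verify(request, never()).getParameterMap();
 }
 
+// gh-16656
+@Test
+public void getMatchingRequestWhenMatchingRequestPathContainsPercentSignThenLookedUp() {
+MockHttpServletRequest request = new MockHttpServletRequest();
+request.setServletPath("/30 % off");
+HttpSessionRequestCache cache = new HttpSessionRequestCache();
+cache.saveRequest(request, new MockHttpServletResponse());
+MockHttpServletRequest requestToMatch = new MockHttpServletRequest();
+requestToMatch.setServletPath("/30 % off");
+requestToMatch.setQueryString("continue");
+requestToMatch.setSession(request.getSession());
+HttpServletRequest matchingRequest = cache.getMatchingRequest(requestToMatch, new MockHttpServletResponse());
+assertThat(matchingRequest).isNotNull();
+}
+
 private static final class CustomSavedRequest implements SavedRequest {
 
 private final SavedRequest delegate;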
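Review bot: The new test pins only the positive lookup; nothing asserts that a request to the same `/30 % off` path whose query string lacks the marker parameter is still left unmatched, which is the property the parameter check exists to guard. A sibling test that calls `requestToMatch.setQueryString("other")` and ends with `assertThat(matchingRequest).isNull()` would cover it, assuming the branch cut off in the production hunk returns null in that case. A raw `%` inside the query string itself is also untested, and since that value is just as client-controlled as the path, a case showing the lookup does not throw on it would be worth adding.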
