root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 28 Packages Projects Releases Wiki Activity

Fix HttpSessionRequestCache#getMatchingRequest query string parsing 

- URL parsing changed in framework 6.2, and fails when path contains a % sign.
- The HttpSessionRequestCache only needs to inspect the query string, not the full URL.

Fixes gh-16656

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
This commit is contained in:
Daniel Garnier-Moiroux 2025-04-09 20:20:38 +02:00
parent db34de59bc
commit ae998c7b52
2 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
View File

@ -103,11 +103,11 @@ public class HttpSessionRequestCache implements RequestCache {
@Override
public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
if (this.matchingRequestParameterName != null) {
if (!StringUtils.hasText(request.getQueryString())
|| !UriComponentsBuilder.fromUriString(UrlUtils.buildRequestUrl(request))
.build()
.getQueryParams()
.containsKey(this.matchingRequestParameterName)) {
if (!StringUtils.hasText(request.getQueryString()) || !UriComponentsBuilder.newInstance()
.query(request.getQueryString())
.build()
.getQueryParams()
.containsKey(this.matchingRequestParameterName)) {
this.logger.trace(
"matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided");
return null;

15
web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
View File

@ -168,6 +168,21 @@ public class HttpSessionRequestCacheTests {
verify(request, never()).getParameterMap();
}
// gh-16656
@Test
public void getMatchingRequestWhenMatchingRequestPathContainsPercentSignThenLookedUp() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/30 % off");
HttpSessionRequestCache cache = new HttpSessionRequestCache();
cache.saveRequest(request, new MockHttpServletResponse());
MockHttpServletRequest requestToMatch = new MockHttpServletRequest();
requestToMatch.setServletPath("/30 % off");
requestToMatch.setQueryString("continue");
requestToMatch.setSession(request.getSession());
HttpServletRequest matchingRequest = cache.getMatchingRequest(requestToMatch, new MockHttpServletResponse());
assertThat(matchingRequest).isNotNull();
}
private static final class CustomSavedRequest implements SavedRequest {
private final SavedRequest delegate;