diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java index 823d201264..2fdeb29735 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java @@ -56,8 +56,6 @@ public class RedirectServerAuthenticationSuccessHandler Authentication authentication) { ServerWebExchange exchange = webFilterExchange.getExchange(); return this.requestCache.getRequest(exchange) - .map(r -> r.getPath().pathWithinApplication().value()) - .map(URI::create) .defaultIfEmpty(this.location) .flatMap(location -> this.redirectStrategy.sendRedirect(exchange, location)); } diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java index 6872a38506..d0bd571fd3 100644 --- a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java +++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java @@ -20,6 +20,8 @@ import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Mono; +import java.net.URI; + /** * @author Rob Winch * @since 5.0 @@ -31,7 +33,7 @@ public class NoOpServerRequestCache implements ServerRequestCache { } @Override - public Mono getRequest(ServerWebExchange exchange) { + public Mono getRequest(ServerWebExchange exchange) { return Mono.empty(); } diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java index a4b256d0fd..ca0468e66c 100644 --- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java +++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java @@ -20,6 +20,8 @@ import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Mono; +import java.net.URI; + /** * Saves a {@link ServerHttpRequest} so it can be "replayed" later. This is useful for * when a page was requested and authentication is necessary. @@ -42,7 +44,7 @@ public interface ServerRequestCache { * @param exchange the exchange to obtain the saved {@link ServerHttpRequest} from * @return the {@link ServerHttpRequest} */ - Mono getRequest(ServerWebExchange exchange); + Mono getRequest(ServerWebExchange exchange); /** * If the provided {@link ServerWebExchange} matches the saved {@link ServerHttpRequest} diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java index bb3079ff42..8c496f3a4a 100644 --- a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java +++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java @@ -27,6 +27,8 @@ import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.WebSession; import reactor.core.publisher.Mono; +import java.net.URI; + /** * An implementation of {@link ServerRequestCache} that saves the * {@link ServerHttpRequest} in the {@link WebSession}. @@ -68,16 +70,18 @@ public class WebSessionServerRequestCache implements ServerRequestCache { } @Override - public Mono getRequest(ServerWebExchange exchange) { + public Mono getRequest(ServerWebExchange exchange) { return exchange.getSession() .flatMap(session -> Mono.justOrEmpty(session.getAttribute(this.sessionAttrName))) - .map(path -> exchange.getRequest().mutate().path(path).build()); + .map(URI::create); } @Override public Mono getMatchingRequest( ServerWebExchange exchange) { return getRequest(exchange) + .map(URI::toASCIIString) + .map(path -> exchange.getRequest().mutate().path(path).build()) .filter( request -> pathInApplication(request).equals( pathInApplication(exchange.getRequest()))); } diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java index 0ac1545725..27733429ea 100644 --- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java +++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java @@ -22,6 +22,8 @@ import org.springframework.mock.http.server.reactive.MockServerHttpRequest; import org.springframework.mock.web.server.MockServerWebExchange; import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher; +import java.net.URI; + import static org.assertj.core.api.Assertions.*; /** @@ -36,9 +38,9 @@ public class WebSessionServerRequestCacheTests { MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/")); this.cache.saveRequest(exchange).block(); - ServerHttpRequest saved = this.cache.getRequest(exchange).block(); + URI saved = this.cache.getRequest(exchange).block(); - assertThat(saved.getURI()).isEqualTo(exchange.getRequest().getURI()); + assertThat(saved).isEqualTo(exchange.getRequest().getURI()); } @Test @@ -55,9 +57,9 @@ public class WebSessionServerRequestCacheTests { MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/")); this.cache.saveRequest(exchange).block(); - ServerHttpRequest saved = this.cache.getRequest(exchange).block(); + URI saved = this.cache.getRequest(exchange).block(); - assertThat(saved.getURI()).isEqualTo(exchange.getRequest().getURI()); + assertThat(saved).isEqualTo(exchange.getRequest().getURI()); } @Test