From 4ff0724c87ee306e23a3758480417024e762915e Mon Sep 17 00:00:00 2001 From: shinD Date: Sun, 7 Aug 2022 02:46:34 +0900 Subject: [PATCH] slight improvement in HttpSessionRequestCache Closes gh-11666 --- .../security/web/savedrequest/HttpSessionRequestCache.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java index 14dd7208f1..96ee4b467d 100644 --- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java +++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -67,12 +67,13 @@ public class HttpSessionRequestCache implements RequestCache { } return; } - DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, this.portResolver, - this.matchingRequestParameterName); + if (this.createSessionAllowed || request.getSession(false) != null) { // Store the HTTP request itself. Used by // AbstractAuthenticationProcessingFilter // for redirection after successful authentication (SEC-29) + DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, this.portResolver, + this.matchingRequestParameterName); request.getSession().setAttribute(this.sessionAttrName, savedRequest); if (this.logger.isDebugEnabled()) { this.logger.debug(LogMessage.format("Saved request %s to session", savedRequest.getRedirectUrl()));