diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java index 1f826ad82d..8f4e564bb7 100644 --- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java +++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java @@ -158,6 +158,8 @@ public class FilterChainProxy extends GenericFilterBean { logger.debug(url + (filters == null ? " has no matching filters" : " has an empty filter list")); } + fwRequest.reset(); + chain.doFilter(fwRequest, fwResponse); return; diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java index a381b44f09..62cb1fb68a 100644 --- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java +++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java @@ -10,6 +10,7 @@ import org.mockito.stubbing.Answer; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.web.firewall.FirewalledRequest; +import org.springframework.security.web.firewall.HttpFirewall; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -100,4 +101,17 @@ public class FilterChainProxyTests { verify(chain).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class)); } + @Test + public void wrapperIsResetWhenNoMatchingFilters() throws Exception { + request.setServletPath("/nomatch"); + HttpFirewall fw = mock(HttpFirewall.class); + FirewalledRequest fwr = mock (FirewalledRequest.class); + when(fwr.getRequestURI()).thenReturn("/"); + when(fwr.getContextPath()).thenReturn(""); + fcp.setFirewall(fw); + when(fw.getFirewalledRequest(request)).thenReturn(fwr); + fcp.doFilter(request, response, chain); + verify(fwr).reset(); + } + }