From aeb5fc1fb01aec0b944b7f059a4d40b65fe4b8c7 Mon Sep 17 00:00:00 2001
From: Daniel Garnier-Moiroux
Date: Wed, 9 Apr 2025 20:20:38 +0200
Subject: [PATCH] Fix HttpSessionRequestCache#getMatchingRequest query string parsing
- URL parsing changed in framework 6.2, and fails when path contains a % sign.
- The HttpSessionRequestCache only needs to inspect the query string, not the full URL.
Fixes gh-16656
Signed-off-by: Daniel Garnier-Moiroux
---
 .../web/savedrequest/HttpSessionRequestCache.java | 10 +++++-----
 .../HttpSessionRequestCacheTests.java | 15 +++++++++++++++
 2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
index 9e51943f72..8149c5180e 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
@@ -103,11 +103,11 @@ public class HttpSessionRequestCache implements RequestCache {
 @Override
 public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
 if (this.matchingRequestParameterName != null) {
- if (!StringUtils.hasText(request.getQueryString())
- || !UriComponentsBuilder.fromUriString(UrlUtils.buildRequestUrl(request))
- .build()
- .getQueryParams()
- .containsKey(this.matchingRequestParameterName)) {
+ if (!StringUtils.hasText(request.getQueryString()) || !UriComponentsBuilder.newInstance()
+ .query(request.getQueryString())
+ .build()
+ .getQueryParams()
+ .containsKey(this.matchingRequestParameterName)) {
 this.logger.trace(
 "matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided");
 return null;
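Review bot: The rewritten condition in `getMatchingRequest` has no comment explaining why only the query string is handed to `UriComponentsBuilder`, so a later cleanup could reintroduce full-URL parsing of a client-controlled path. I would add above the inner `if`: `// Parse the query string only: the request path is client-supplied and may not be a parseable URI (gh-16656)`. `request.getQueryString()` is also read twice in the same condition; holding it in a local variable would make the check easier to follow. The method body continues past the end of the hunk.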
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index dc05a00562..4b28a31b16 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -168,6 +168,21 @@ public class HttpSessionRequestCacheTests {
 verify(request, never()).getParameterMap();
 }

+ // gh-16656
+ @Test
+ public void getMatchingRequestWhenMatchingRequestPathContainsPercentSignThenLookedUp() {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setServletPath("/30 % off");
+ HttpSessionRequestCache cache = new HttpSessionRequestCache();
+ cache.saveRequest(request, new MockHttpServletResponse());
+ MockHttpServletRequest requestToMatch = new MockHttpServletRequest();
+ requestToMatch.setServletPath("/30 % off");
+ requestToMatch.setQueryString("continue");
+ requestToMatch.setSession(request.getSession());
+ HttpServletRequest matchingRequest = cache.getMatchingRequest(requestToMatch, new MockHttpServletResponse());
+ assertThat(matchingRequest).isNotNull();
+ }
+
 private static final class CustomSavedRequest implements SavedRequest {

 private final SavedRequest delegate;
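Review bot: The new test pins the `%`-in-path case, but nothing covers a query string that itself carries a stray `%`, which is the client input still being parsed after this change. A companion test that sets a constructed value such as `requestToMatch.setQueryString("continue&q=%")` and asserts only that `getMatchingRequest` does not throw would document that the remaining parse step tolerates malformed input; whether it does is not visible from this patch. The `isNotNull()` assertion could also be tightened to check that the returned request corresponds to the saved one.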