Add test for RequestedUrlRedirectInvalidSessionStrategy

web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java

@@ -150,6 +150,32 @@ public class SessionManagementFilterTests {
 		assertThat(response.getRedirectedUrl()).isEqualTo("/timedOut");
 	}
 
+	@Test
+	public void responseIsRedirectedToRequestedUrlIfSetAndSessionIsInvalid() throws Exception {
+		SecurityContextRepository repo = mock(SecurityContextRepository.class);
+		// repo will return false to containsContext()
+		SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
+		SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setRequestedSessionId("xxx");
+		request.setRequestedSessionIdValid(false);
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		filter.doFilter(request, response, new MockFilterChain());
+		assertThat(response.getRedirectedUrl()).isNull();
+		// Now set a redirect URL
+		request = new MockHttpServletRequest();
+		request.setRequestedSessionId("xxx");
+		request.setRequestedSessionIdValid(false);
+		request.setRequestURI("/requested");
+		RequestedUrlRedirectInvalidSessionStrategy iss = new RequestedUrlRedirectInvalidSessionStrategy();
+		iss.setCreateNewSession(true);
+		filter.setInvalidSessionStrategy(iss);
+		FilterChain fc = mock(FilterChain.class);
+		filter.doFilter(request, response, fc);
+		verifyZeroInteractions(fc);
+		assertThat(response.getRedirectedUrl()).isEqualTo("/requested");
+	}
+
 	@Test
 	public void customAuthenticationTrustResolver() throws Exception {
 		AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);