http://opensource.atlassian.com/projects/spring/browse/SEC-308

Headers should remain case-insensitive.

core/src/main/java/org/acegisecurity/ui/savedrequest/SavedRequest.java

@@ -30,6 +30,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.TreeMap;
 
 
 /**
@@ -55,7 +56,7 @@ public class SavedRequest implements java.io.Serializable {
 
     private ArrayList cookies = new ArrayList();
     private ArrayList locales = new ArrayList();
-    private HashMap headers = new HashMap();
+    private TreeMap headers = new TreeMap(String.CASE_INSENSITIVE_ORDER);
     private HashMap parameters = new HashMap();
     private String contextPath;
     private String method;

core/src/test/java/org/acegisecurity/ui/savedrequest/SavedCookieTest.java

@@ -1,67 +0,0 @@
-package org.acegisecurity.ui.savedrequest;
-
-import junit.framework.TestCase;
-
-import javax.servlet.http.Cookie;
-import java.io.Serializable;
-
-public class SavedCookieTest extends TestCase {
-
-    Cookie cookie;
-    SavedCookie savedCookie;
-
-    protected void setUp() throws Exception {
-        cookie = new Cookie("name", "value");
-        cookie.setComment("comment");
-        cookie.setDomain("domain");
-        cookie.setMaxAge(100);
-        cookie.setPath("path");
-        cookie.setSecure(true);
-        cookie.setVersion(11);
-        savedCookie = new SavedCookie(cookie);
-    }
-
-    public void testGetName() throws Exception {
-        assertEquals(cookie.getName(), savedCookie.getName());
-    }
-
-    public void testGetValue() throws Exception {
-        assertEquals(cookie.getValue(), savedCookie.getValue());
-    }
-
-    public void testGetComment() throws Exception {
-        assertEquals(cookie.getComment(), savedCookie.getComment());
-    }
-
-    public void testGetDomain() throws Exception {
-        assertEquals(cookie.getDomain(), savedCookie.getDomain());
-    }
-
-    public void testGetMaxAge() throws Exception {
-        assertEquals(cookie.getMaxAge(), savedCookie.getMaxAge());
-    }
-
-    public void testGetPath() throws Exception {
-        assertEquals(cookie.getPath(), savedCookie.getPath());
-    }
-
-    public void testGetVersion() throws Exception {
-        assertEquals(cookie.getVersion(), savedCookie.getVersion());
-    }
-
-    public void testGetCookie() throws Exception {
-        Cookie other = savedCookie.getCookie();
-        assertEquals(cookie.getComment(), other.getComment());
-        assertEquals(cookie.getDomain(), other.getDomain());
-        assertEquals(cookie.getMaxAge(), other.getMaxAge());
-        assertEquals(cookie.getName(), other.getName());
-        assertEquals(cookie.getPath(), other.getPath());
-        assertEquals(cookie.getSecure(), other.getSecure());
-        assertEquals(cookie.getValue(), other.getValue());
-        assertEquals(cookie.getVersion(), other.getVersion());
-    }
-
-    public void testSerializable() throws Exception {
-        assertTrue(savedCookie instanceof Serializable);
-    }
-}

core/src/test/java/org/acegisecurity/ui/savedrequest/SavedRequestTests.java

@@ -0,0 +1,16 @@
+package org.acegisecurity.ui.savedrequest;
+
+import junit.framework.TestCase;
+import org.acegisecurity.MockPortResolver;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+public class SavedRequestTests extends TestCase {
+
+    public void testCaseInsensitve() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addHeader("USER-aGenT", "Mozilla");
+        SavedRequest saved = new SavedRequest(request, new MockPortResolver(8080, 8443));
+        assertEquals("Mozilla", saved.getHeaderValues("user-agent").next());
+    }
+
+}