diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
index 44ee2d1f1c6..e5ccf6cf9d7 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -226,7 +226,8 @@ public boolean doesRequestMatch(HttpServletRequest request, PortResolver portRes
 if (!propertyEquals(this.pathInfo, request.getPathInfo())) {
 return false;
 }
- if (!propertyEquals(this.queryString, request.getQueryString())) {
+ if (!propertyEquals(createQueryString(this.queryString, this.matchingRequestParameterName),
+ request.getQueryString())) {
 return false;
 }
 if (!propertyEquals(this.requestURI, request.getRequestURI())) {
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
index 9aae171fffb..ffe4c874bad 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
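Review bot: In the `@@ -226,7 +226,8 @@` hunk of DefaultSavedRequest.java the query check is still an exact string comparison, so a saved request only matches when the incoming query is character-for-character what `createQueryString(this.queryString, this.matchingRequestParameterName)` returns. That helper is outside the hunk, so its behaviour for a null `matchingRequestParameterName` and for a null or empty saved query should be confirmed; with no marker name configured it presumably has to return the saved query unchanged to keep the previous behaviour. A request that carries the marker in a different position or form would not match, which fails closed (the saved request is not replayed), but the reason for rebuilding the string is not obvious at the call site. I would add a comment above the call, for example `// the redirect carries matchingRequestParameterName appended to the saved query, so rebuild it the same way before comparing (gh-12665)`. The body of doesRequestMatch starts and ends outside the hunk.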
@@ -115,6 +115,23 @@ public void getMatchingRequestWhenMatchingRequestParameterNameSetAndParameterExi
 cache.setMatchingRequestParameterName("success");
 cache.saveRequest(request, new MockHttpServletResponse());
 MockHttpServletRequest requestToMatch = new MockHttpServletRequest();
+ requestToMatch.setQueryString("success"); // gh-12665
+ requestToMatch.setParameter("success", "");
+ requestToMatch.setSession(request.getSession());
+ HttpServletRequest matchingRequest = cache.getMatchingRequest(requestToMatch, new MockHttpServletResponse());
+ assertThat(matchingRequest).isNotNull();
+ }
+
+ // gh-12665
+ @Test
+ public void getMatchingRequestWhenMatchingRequestParameterNameSetAndParameterExistAndQueryThenLookedUp() {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setQueryString("param=true");
+ HttpSessionRequestCache cache = new HttpSessionRequestCache();
+ cache.setMatchingRequestParameterName("success");
+ cache.saveRequest(request, new MockHttpServletResponse());
+ MockHttpServletRequest requestToMatch = new MockHttpServletRequest();
+ requestToMatch.setQueryString("param=true&success");
 requestToMatch.setParameter("success", "");
 requestToMatch.setSession(request.getSession());
 HttpServletRequest matchingRequest = cache.getMatchingRequest(requestToMatch, new MockHttpServletResponse());
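Review bot: Both tests touched in this hunk assert only the positive case (`isNotNull()`), so nothing pins that the marker parameter alone is not enough to replay a saved request whose query differs. Since doesRequestMatch decides whether the saved request is substituted for the current one, a negative test next to the new gh-12665 test would guard against a later change loosening the query comparison. The sketch below reuses the setup of the added test and changes only the incoming query; it should return null if the comparison is exact, which is to be confirmed by running it. The second test method's closing lines fall outside the hunk.

```java
// … unchanged: the two gh-12665 tests in this hunk …
@Test
public void getMatchingRequestWhenMatchingRequestParameterNameSetAndQueryDiffersThenNull() {
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setQueryString("param=true");
	HttpSessionRequestCache cache = new HttpSessionRequestCache();
	cache.setMatchingRequestParameterName("success");
	cache.saveRequest(request, new MockHttpServletResponse());
	MockHttpServletRequest requestToMatch = new MockHttpServletRequest();
	// same marker, different saved query: must not be treated as the saved request
	requestToMatch.setQueryString("param=false&success");
	requestToMatch.setParameter("success", "");
	requestToMatch.setSession(request.getSession());
	HttpServletRequest matchingRequest = cache.getMatchingRequest(requestToMatch, new MockHttpServletResponse());
	assertThat(matchingRequest).isNull();
}
```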