CookieRequestCache Should Preserve Request Locale

Closes gh-13792
2 years ago · ce012a4661
2 changed files with 26 additions and 3 deletions
--- a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@ -1,5 +1,5 @@
				@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -17,6 +17,7 @@
				@@ -17,6 +17,7 @@
 package org.springframework.security.web.savedrequest;

 import java.util.Base64;
+import java.util.Collections;

 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@ -78,7 +79,7 @@ public class CookieRequestCache implements RequestCache {
				@@ -78,7 +79,7 @@ public class CookieRequestCache implements RequestCache {
 		int port = getPort(uriComponents);
 		return builder.setScheme(uriComponents.getScheme()).setServerName(uriComponents.getHost())
 				.setRequestURI(uriComponents.getPath()).setQueryString(uriComponents.getQuery()).setServerPort(port)
-				.setMethod(request.getMethod()).build();
+				.setMethod(request.getMethod()).setLocales(Collections.list(request.getLocales())).build();
 	}

 	private int getPort(UriComponents uriComponents) {
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@ -1,5 +1,5 @@
				@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,7 +16,10 @@
				@@ -16,7 +16,10 @@

 package org.springframework.security.web.savedrequest;

+import java.util.Arrays;
 import java.util.Base64;
+import java.util.Collections;
+import java.util.Locale;

 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@ -183,6 +186,25 @@ public class CookieRequestCacheTests {
				@@ -183,6 +186,25 @@ public class CookieRequestCacheTests {
 		assertThat(expiredCookie.getMaxAge()).isZero();
 	}

+	// gh-13792
+	@Test
+	public void matchingRequestWhenMatchThenKeepOriginalRequestLocale() {
+		CookieRequestCache cookieRequestCache = new CookieRequestCache();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setServerPort(443);
+		request.setSecure(true);
+		request.setScheme("https");
+		request.setServerName("example.com");
+		request.setRequestURI("/destination");
+		request.setPreferredLocales(Arrays.asList(Locale.FRENCH, Locale.GERMANY));
+		String redirectUrl = "https://example.com/destination";
+		request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
+		assertThat(matchingRequest).isNotNull();
+		assertThat(Collections.list(matchingRequest.getLocales())).contains(Locale.FRENCH, Locale.GERMANY);
+	}
+
 	private static String encodeCookie(String cookieValue) {
 		return Base64.getEncoder().encodeToString(cookieValue.getBytes());
 	}