SEC-3082: make SavedRequest parameters case sensitive

web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java

@@ -57,7 +57,7 @@ public class DefaultSavedRequest implements SavedRequest {
     private final ArrayList<SavedCookie> cookies = new ArrayList<SavedCookie>();
     private final ArrayList<Locale> locales = new ArrayList<Locale>();
     private final Map<String, List<String>> headers = new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER);
-    private final Map<String, String[]> parameters = new TreeMap<String, String[]>(String.CASE_INSENSITIVE_ORDER);
+    private final Map<String, String[]> parameters = new TreeMap<String, String[]>();
     private final String contextPath;
     private final String method;
     private final String pathInfo;

web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java

@@ -30,12 +30,15 @@ public class DefaultSavedRequestTests {
         assertTrue(saved.getHeaderValues("if-none-match").isEmpty());
     }
 
-    // TODO: Why are parameters case insensitive. I think this is a mistake
+    // SEC-3082
     @Test
-    public void parametersAreCaseInsensitive() throws Exception {
+    public void parametersAreCaseSensitive() throws Exception {
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter("ThisIsATest", "Hi mom");
-        DefaultSavedRequest saved = new DefaultSavedRequest(request, new MockPortResolver(8080, 8443));
+        request.addParameter("AnotHerTest", "Hi dad");
+        request.addParameter("thisisatest", "Hi mom");
+        DefaultSavedRequest saved = new DefaultSavedRequest(request,
+                new MockPortResolver(8080, 8443));
         assertEquals("Hi mom", saved.getParameterValues("thisisatest")[0]);
+        assertNull(saved.getParameterValues("anothertest"));
     }
 }