2 years ago · 1ca4781923
--- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2022 the original author or authors.
			
 
				+ * Copyright 2002-2023 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -225,7 +225,8 @@ public class DefaultSavedRequest implements SavedRequest {
 
				 		if (!propertyEquals(this.pathInfo, request.getPathInfo())) {
			
 
				 			return false;
			
 
				 		}
			
 
				-		if (!propertyEquals(this.queryString, request.getQueryString())) {
			
 
				+		if (!propertyEquals(createQueryString(this.queryString, this.matchingRequestParameterName),
			
 
				+				request.getQueryString())) {
			
 
				 			return false;
			
 
				 		}
			
 
				 		if (!propertyEquals(this.requestURI, request.getRequestURI())) {
			
--- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2016 the original author or authors.
			
 
				+ * Copyright 2002-2023 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -114,6 +114,23 @@ public class HttpSessionRequestCacheTests {
 
				 		cache.setMatchingRequestParameterName("success");
			
 
				 		cache.saveRequest(request, new MockHttpServletResponse());
			
 
				 		MockHttpServletRequest requestToMatch = new MockHttpServletRequest();
			
 
				+		requestToMatch.setQueryString("success"); // gh-12665
			
 
				+		requestToMatch.setParameter("success", "");
			
 
				+		requestToMatch.setSession(request.getSession());
			
 
				+		HttpServletRequest matchingRequest = cache.getMatchingRequest(requestToMatch, new MockHttpServletResponse());
			
 
				+		assertThat(matchingRequest).isNotNull();
			
 
				+	}
			
 
				+
			
 
				+	// gh-12665
			
 
				+	@Test
			
 
				+	public void getMatchingRequestWhenMatchingRequestParameterNameSetAndParameterExistAndQueryThenLookedUp() {
			
 
				+		MockHttpServletRequest request = new MockHttpServletRequest();
			
 
				+		request.setQueryString("param=true");
			
 
				+		HttpSessionRequestCache cache = new HttpSessionRequestCache();
			
 
				+		cache.setMatchingRequestParameterName("success");
			
 
				+		cache.saveRequest(request, new MockHttpServletResponse());
			
 
				+		MockHttpServletRequest requestToMatch = new MockHttpServletRequest();
			
 
				+		requestToMatch.setQueryString("param=true&success");
			
 
				 		requestToMatch.setParameter("success", "");
			
 
				 		requestToMatch.setSession(request.getSession());
			
 
				 		HttpServletRequest matchingRequest = cache.getMatchingRequest(requestToMatch, new MockHttpServletResponse());
			
@@ -128,6 +145,7 @@ public class HttpSessionRequestCacheTests {
 
				 		cache.saveRequest(request, new MockHttpServletResponse());
			
 
				 		assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
			
 
				 		MockHttpServletRequest requestToMatch = new MockHttpServletRequest();
			
 
				+		requestToMatch.setQueryString("success");
			
 
				 		requestToMatch.setParameter("success", "");
			
 
				 		requestToMatch.setSession(request.getSession());
			
 
				 		HttpServletRequest matchingRequest = cache.getMatchingRequest(requestToMatch, new MockHttpServletResponse());