ServerRequestCache.removeMatchingRequest

Issue: gh-4789

web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java

@@ -60,15 +60,8 @@ public class WebSessionServerCsrfTokenRepository
 			return Mono.just(token);
 		}
 		return exchange.getSession()
-			.map(WebSession::getAttributes)
-			.flatMap( attrs -> save(attrs, token));
-	}
-
-	private Mono<CsrfToken> save(Map<String, Object> attributes, CsrfToken token) {
-		return Mono.defer(() -> {
-			putToken(attributes, token);
-			return Mono.justOrEmpty(token);
-		});
+			.doOnSuccess(session -> putToken(session.getAttributes(), token))
+			.flatMap(r -> Mono.justOrEmpty(token));
 	}
 
 	private void putToken(Map<String, Object> attributes, CsrfToken token) {

web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java

@@ -38,16 +38,11 @@ public class NoOpServerRequestCache implements ServerRequestCache {
 	}
 
 	@Override
-	public Mono<ServerHttpRequest> getMatchingRequest(
+	public Mono<ServerHttpRequest> removeMatchingRequest(
 		ServerWebExchange exchange) {
 		return Mono.empty();
 	}
 
-	@Override
-	public Mono<ServerHttpRequest> removeRequest(ServerWebExchange exchange) {
-		return Mono.empty();
-	}
-
 	public static NoOpServerRequestCache getInstance() {
 		return new NoOpServerRequestCache();
 	}

web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java

@@ -52,15 +52,5 @@ public interface ServerRequestCache {
 	 * @param exchange the exchange to obtain the request from
 	 * @return the {@link ServerHttpRequest}
 	 */
-	Mono<ServerHttpRequest> getMatchingRequest(ServerWebExchange exchange);
-
-	/**
-	 * If the {@link ServerWebExchange} contains a saved {@link ServerHttpRequest} remove
-	 * and return it.
-	 *
-	 * @param exchange the {@link ServerWebExchange} to obtain and remove the
-	 * {@link ServerHttpRequest}
-	 * @return the {@link ServerHttpRequest}
-	 */
-	Mono<ServerHttpRequest> removeRequest(ServerWebExchange exchange);
+	Mono<ServerHttpRequest> removeMatchingRequest(ServerWebExchange exchange);
 }

web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java

@@ -33,8 +33,7 @@ public class ServerRequestCacheWebFilter implements WebFilter {
 
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.requestCache.getMatchingRequest(exchange)
-			.flatMap(r -> this.requestCache.removeRequest(exchange))
+		return this.requestCache.removeMatchingRequest(exchange)
 			.map(r -> exchange.mutate().request(r).build())
 			.defaultIfEmpty(exchange)
 			.flatMap(e -> chain.filter(e));

web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java

@@ -77,22 +77,12 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 	}
 
 	@Override
-	public Mono<ServerHttpRequest> getMatchingRequest(
+	public Mono<ServerHttpRequest> removeMatchingRequest(
 		ServerWebExchange exchange) {
-		return getRedirectUri(exchange)
-			.map(URI::toASCIIString)
-			.map(path ->  exchange.getRequest().mutate().path(path).build())
-			.filter( request -> pathInApplication(request).equals(
-				pathInApplication(exchange.getRequest())));
-	}
-
-	@Override
-	public Mono<ServerHttpRequest> removeRequest(ServerWebExchange exchange) {
 		return exchange.getSession()
 			.map(WebSession::getAttributes)
-			.flatMap(attrs -> Mono.justOrEmpty(attrs.remove(this.sessionAttrName)))
-			.cast(String.class)
-			.map(path -> exchange.getRequest().mutate().path(path).build());
+			.filter(attributes -> attributes.remove(this.sessionAttrName, pathInApplication(exchange.getRequest())))
+			.map(attributes -> exchange.getRequest());
 	}
 
 	private static String pathInApplication(ServerHttpRequest request) {

web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java

@@ -67,7 +67,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
 		this.cache.saveRequest(exchange).block();
 
-		ServerHttpRequest saved = this.cache.removeRequest(exchange).block();
+		ServerHttpRequest saved = this.cache.removeMatchingRequest(exchange).block();
 
 		assertThat(saved.getURI()).isEqualTo(exchange.getRequest().getURI());
 	}
@@ -77,7 +77,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
 		this.cache.saveRequest(exchange).block();
 
-		this.cache.removeRequest(exchange).block();
+		this.cache.removeMatchingRequest(exchange).block();
 
 		assertThat(this.cache.getRedirectUri(exchange).block()).isNull();
 	}