Fix HandlerMappingIntrospector uri matching

Prior to this commit, the `HandlerMappingIntrospector` would comparea request with a cached request by using `String#matches` on their String URI. This could lead to `PatternSyntaxException` exceptions at runtime if the request URI contained pattern characters. This commit fixes this typo to use `String#equals` instead. Fixes gh-31937
spring-projects · Jan 4, 2024 · 7c9307e · 7c9307e
1 parent 4f599b7
commit 7c9307e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/...mvc/src/main/java/org/springframework/web/servlet/handler/HandlerMappingIntrospector.java b/...mvc/src/main/java/org/springframework/web/servlet/handler/HandlerMappingIntrospector.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -399,7 +399,7 @@ private CachedResult(HttpServletRequest request,
 
 		public boolean matches(HttpServletRequest request) {
 			return (this.dispatcherType.equals(request.getDispatcherType()) &&
-					this.requestURI.matches(request.getRequestURI()));
+					this.requestURI.equals(request.getRequestURI()));
 		}
 
 		@Nullable

diff --git a/...rc/test/java/org/springframework/web/servlet/handler/HandlerMappingIntrospectorTests.java b/...rc/test/java/org/springframework/web/servlet/handler/HandlerMappingIntrospectorTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -204,15 +204,16 @@ void getCorsConfigurationActual() {
 		assertThat(corsConfig.getAllowedMethods()).isEqualTo(Collections.singletonList("POST"));
 	}
 
-	@Test
-	void cacheFilter() throws Exception {
+	@ParameterizedTest
+	@ValueSource(strings = {"/test", "/resource/1234****"}) // gh-31937
+	void cacheFilter(String uri) throws Exception {
 		CorsConfiguration corsConfig = new CorsConfiguration();
 		TestMatchableHandlerMapping mapping = new TestMatchableHandlerMapping();
-		mapping.registerHandler("/test", new TestHandler(corsConfig));
+		mapping.registerHandler("/*", new TestHandler(corsConfig));
 
 		HandlerMappingIntrospector introspector = initIntrospector(mapping);
 
-		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/test");
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", uri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		MockFilterChain filterChain = new MockFilterChain(