SEC-2569: SavedRequestAwareWrapper no longer overrides getCookies()

Previously SavedRequestAwareWrapper overrode the getCookies() method. This
meant that the cookies from the original request were used instead of the
new request. In general, this does not make sense since cookies are
automatically submitted in every request by a client. Additionally, this
caused problems with using a locale cookie that was specified after the
secured page was requested.

Now SavedRequestAwareWrapper uses the new incoming request for determining
the cookies.

Author: Rob Winch

web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAdapter.java

@@ -85,13 +85,6 @@ public SavedRequestAwareWrapper(SavedRequest saved, HttpServletRequest request)
 
     //~ Methods ========================================================================================================
 
-    @Override
-    public Cookie[] getCookies() {
-        List<Cookie> cookies = savedRequest.getCookies();
-
-        return cookies.toArray(new Cookie[cookies.size()]);
-    }
-
     @Override
     public long getDateHeader(String name) {
         String value = getHeader(name);

web/src/main/java/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.java

@@ -23,13 +23,16 @@ private SavedRequestAwareWrapper createWrapper(MockHttpServletRequest requestToS
         return new SavedRequestAwareWrapper(saved, requestToWrap);
     }
 
+    // SEC-2569
     @Test
-    public void savedRequestCookiesAreReturnedIfSavedRequestIsSet() throws Exception {
+    public void savedRequestCookiesAreIgnored() throws Exception {
+        MockHttpServletRequest newRequest = new MockHttpServletRequest();
+        newRequest.setCookies(new Cookie[] {new Cookie("cookie", "fromnew")});
         MockHttpServletRequest savedRequest = new MockHttpServletRequest();
         savedRequest.setCookies(new Cookie[] {new Cookie("cookie", "fromsaved")});
-        SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, new MockHttpServletRequest());
+        SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, newRequest);
         assertEquals(1, wrapper.getCookies().length);
-        assertEquals("fromsaved", wrapper.getCookies()[0].getValue());
+        assertEquals("fromnew", wrapper.getCookies()[0].getValue());
     }
 
     @Test