Merge branch '5.8.x' into 6.0.x

Closes gh-13795

Author: marcusdacoregio

web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 package org.springframework.security.web.savedrequest;
 
 import java.util.Base64;
+import java.util.Collections;
 
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
@@ -77,7 +78,7 @@ public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse r
 		int port = getPort(uriComponents);
 		return builder.setScheme(uriComponents.getScheme()).setServerName(uriComponents.getHost())
 				.setRequestURI(uriComponents.getPath()).setQueryString(uriComponents.getQuery()).setServerPort(port)
-				.setMethod(request.getMethod()).build();
+				.setMethod(request.getMethod()).setLocales(Collections.list(request.getLocales())).build();
 	}
 
 	private int getPort(UriComponents uriComponents) {

web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,10 @@
 
 package org.springframework.security.web.savedrequest;
 
+import java.util.Arrays;
 import java.util.Base64;
+import java.util.Collections;
+import java.util.Locale;
 
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
@@ -182,6 +185,25 @@ public void removeRequestWhenInvokedThenSetsAnExpiredCookieOnResponse() {
 		assertThat(expiredCookie.getMaxAge()).isZero();
 	}
 
+	// gh-13792
+	@Test
+	public void matchingRequestWhenMatchThenKeepOriginalRequestLocale() {
+		CookieRequestCache cookieRequestCache = new CookieRequestCache();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setServerPort(443);
+		request.setSecure(true);
+		request.setScheme("https");
+		request.setServerName("example.com");
+		request.setRequestURI("/destination");
+		request.setPreferredLocales(Arrays.asList(Locale.FRENCH, Locale.GERMANY));
+		String redirectUrl = "https://example.com/destination";
+		request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
+		assertThat(matchingRequest).isNotNull();
+		assertThat(Collections.list(matchingRequest.getLocales())).contains(Locale.FRENCH, Locale.GERMANY);
+	}
+
 	private static String encodeCookie(String cookieValue) {
 		return Base64.getEncoder().encodeToString(cookieValue.getBytes());
 	}