From 07bfe371b456bb80de4071719eeec9d02bc7fb82 Mon Sep 17 00:00:00 2001
From: Vishnutheep B <vishnutheep@gmail.com>
Date: Mon, 9 Mar 2026 00:36:31 +0530
Subject: [PATCH 1/3] Fix CookieRequestCache parameters

Previously the parameters were not restored.

This commit ensures the parameters are restored.

Closes gh-18204

Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
---
 .../web/savedrequest/CookieRequestCache.java      |  1 +
 .../web/savedrequest/CookieRequestCacheTests.java | 15 +++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
index 297dea8bb72..c3cea8fca6d 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@@ -91,6 +91,7 @@ public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse r
 			.setServerPort(port)
 			.setMethod(request.getMethod())
 			.setLocales(Collections.list(request.getLocales()))
+			.setParameters(request.getParameterMap())
 			.build();
 	}
 
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
index ca8ea2cf190..8862e5ca94b 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -108,6 +108,21 @@ public void getRequestWhenRequestContainsSavedRequestCookieThenReturnsSaveReques
 		assertThat(savedRequest.getRedirectUrl()).isEqualTo(redirectUrl);
 	}
 
+	@Test
+	public void getRequestWhenRequestContainsSavedRequestCookieThenSavedRequestContainsRequestParameters() {
+		CookieRequestCache cookieRequestCache = new CookieRequestCache();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie("https://abc.com/destination")));
+		request.setParameter("single", "first");
+		request.addParameter("multi", "second");
+		request.addParameter("multi", "third");
+		SavedRequest savedRequest = cookieRequestCache.getRequest(request, new MockHttpServletResponse());
+		assertThat(savedRequest).isNotNull();
+		assertThat(savedRequest.getParameterValues("single")).containsExactly("first");
+		assertThat(savedRequest.getParameterValues("multi")).containsExactly("second", "third");
+		assertThat(savedRequest.getParameterMap()).containsKeys("single", "multi");
+	}
+
 	@Test
 	public void matchingRequestWhenRequestDoesNotContainSavedRequestCookieThenReturnsNull() {
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();

From 8e8e1a80a99ae16d47d904539392e345be824578 Mon Sep 17 00:00:00 2001
From: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
Date: Wed, 24 Dec 2025 00:40:10 +0700
Subject: [PATCH 2/3] Add Passkeys webauthn in example

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
---
 docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc b/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
index dabb1d699fb..534eef12b21 100644
--- a/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
@@ -26,7 +26,7 @@ Maven::
 ----
 <dependency>
     <groupId>org.springframework.security</groupId>
-    <artifactId>spring-security-web</artifactId>
+    <artifactId>spring-security-webauthn</artifactId>
 </dependency>
 <dependency>
     <groupId>com.webauthn4j</groupId>
@@ -40,7 +40,7 @@ Gradle::
 [source,groovy,role="secondary",subs="verbatim,attributes"]
 ----
 dependencies {
-    implementation "org.springframework.security:spring-security-web"
+    implementation "org.springframework.security:spring-security-webauthn"
     implementation "com.webauthn4j:webauthn4j-core:{webauthn4j-core-version}"
 }
 ----

From 26937bf06c28876c866e8ad43075fa58f4e22d23 Mon Sep 17 00:00:00 2001
From: Robert Winch <362503+rwinch@users.noreply.github.com>
Date: Mon, 9 Mar 2026 14:25:08 -0500
Subject: [PATCH 3/3] Remove unnecessary webauthn4j dependency

---
 .../ROOT/pages/servlet/authentication/passkeys.adoc       | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc b/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
index 534eef12b21..8f21a7b12a6 100644
--- a/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
@@ -10,7 +10,7 @@ After the credential is registered, it can be used to authenticate by xref:servl
 [[passkeys-dependencies]]
 == Required Dependencies
 
-To get started, add the `webauthn4j-core` dependency to your project.
+To get started, add the `spring-security-webauthn` dependency to your project.
 
 [NOTE]
 ====
@@ -28,11 +28,6 @@ Maven::
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-webauthn</artifactId>
 </dependency>
-<dependency>
-    <groupId>com.webauthn4j</groupId>
-    <artifactId>webauthn4j-core</artifactId>
-    <version>{webauthn4j-core-version}</version>
-</dependency>
 ----
 
 Gradle::
@@ -41,7 +36,6 @@ Gradle::
 ----
 dependencies {
     implementation "org.springframework.security:spring-security-webauthn"
-    implementation "com.webauthn4j:webauthn4j-core:{webauthn4j-core-version}"
 }
 ----
 ======