spring-projects · rwinch · Mar 9, 2026 · Mar 8, 2026 · Mar 9, 2026 · Mar 9, 2026
diff --git a/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc b/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
@@ -10,7 +10,7 @@ After the credential is registered, it can be used to authenticate by xref:servl
 [[passkeys-dependencies]]
 == Required Dependencies
 
-To get started, add the `webauthn4j-core` dependency to your project.
+To get started, add the `spring-security-webauthn` dependency to your project.
 
 [NOTE]
 ====
@@ -26,12 +26,7 @@ Maven::
 ----
 <dependency>
     <groupId>org.springframework.security</groupId>
-    <artifactId>spring-security-web</artifactId>
-</dependency>
-<dependency>
-    <groupId>com.webauthn4j</groupId>
-    <artifactId>webauthn4j-core</artifactId>
-    <version>{webauthn4j-core-version}</version>
+    <artifactId>spring-security-webauthn</artifactId>
 </dependency>
 ----
 
@@ -40,8 +35,7 @@ Gradle::
 [source,groovy,role="secondary",subs="verbatim,attributes"]
 ----
 dependencies {
-    implementation "org.springframework.security:spring-security-web"
-    implementation "com.webauthn4j:webauthn4j-core:{webauthn4j-core-version}"
+    implementation "org.springframework.security:spring-security-webauthn"
 }
 ----
 ======

diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@@ -93,6 +93,7 @@ public void saveRequest(HttpServletRequest request, HttpServletResponse response
 			.setServerPort(port)
 			.setMethod(request.getMethod())
 			.setLocales(Collections.list(request.getLocales()))
+			.setParameters(request.getParameterMap())
 			.build();
 	}
 

diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -108,6 +108,21 @@ public void getRequestWhenRequestContainsSavedRequestCookieThenReturnsSaveReques
 		assertThat(savedRequest.getRedirectUrl()).isEqualTo(redirectUrl);
 	}
 
+	@Test
+	public void getRequestWhenRequestContainsSavedRequestCookieThenSavedRequestContainsRequestParameters() {
+		CookieRequestCache cookieRequestCache = new CookieRequestCache();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie("https://abc.com/destination")));
+		request.setParameter("single", "first");
+		request.addParameter("multi", "second");
+		request.addParameter("multi", "third");
+		SavedRequest savedRequest = cookieRequestCache.getRequest(request, new MockHttpServletResponse());
+		assertThat(savedRequest).isNotNull();
+		assertThat(savedRequest.getParameterValues("single")).containsExactly("first");
+		assertThat(savedRequest.getParameterValues("multi")).containsExactly("second", "third");
+		assertThat(savedRequest.getParameterMap()).containsKeys("single", "multi");
+	}
+
 	@Test
 	public void matchingRequestWhenRequestDoesNotContainSavedRequestCookieThenReturnsNull() {
 		CookieRequestCache cookieRequestCache = new CookieRequestCache();