SEC-2036: Set cookie path to / when default context path in CookieClearingLogoutHandler

This commit is contained in:
Rob Winch
2012-09-19 11:29:55 -05:00
parent c53fd99430
commit 0a2fa03160
2 changed files with 22 additions and 1 deletions

View File

@@ -14,6 +14,22 @@ import org.springframework.security.core.Authentication;
* @author Luke Taylor
*/
public class CookieClearingLogoutHandlerTests {
// SEC-2036
@Test
public void emptyContextRootIsConverted() {
MockHttpServletResponse response = new MockHttpServletResponse();
MockHttpServletRequest request = new MockHttpServletRequest();
request.setContextPath("");
CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler("my_cookie");
handler.logout(request, response, mock(Authentication.class));
assertEquals(1, response.getCookies().length);
for (Cookie c : response.getCookies()) {
assertEquals("/", c.getPath());
assertEquals(0, c.getMaxAge());
}
}
@Test
public void configuredCookiesAreCleared() {
MockHttpServletResponse response = new MockHttpServletResponse();