
SEC-1356: Fix broken tests.

Test cookies now require that the path be set in order for them to be recognised for auto-login purposes.
Luke Taylor 15 лет назад
Родитель
Сommit
f62d97b092

+ 1 - 1
web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java

@@ -249,7 +249,7 @@ public class AbstractRememberMeServicesTests {
         MockRememberMeServices services = new MockRememberMeServices();
         Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
                 services.encodeCookie(StringUtils.delimitedListToStringArray(cookieToken, ":")));
-
+        cookie.setPath("/");
         return new Cookie[] {cookie};
     }
 
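Review bot: Setting `cookie.setPath("/")` on the mock cookie here, and on every cookie in the TokenBasedRememberMeServicesTests hunks, gives the tests a request shape that a servlet container does not normally produce: browsers send only name=value pairs in the Cookie header, so `Cookie.getPath()` on an incoming cookie is usually null. If the production check (not visible in this diff) skips cookies whose path does not match, the suite stays green while real remember-me cookies would be ignored. I would add a test that leaves the path unset and asserts whichever outcome is intended, with a comment such as `// request cookies normally carry no path attribute`. The enclosing helper method starts above this hunk.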

+ 25 - 0
web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java

@@ -109,6 +109,7 @@ public class TokenBasedRememberMeServicesTests {
     @Test
     public void autoLoginIgnoresUnrelatedCookie() throws Exception {
         Cookie cookie = new Cookie("unrelated_cookie", "foobar");
+        cookie.setPath("/");
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
         MockHttpServletResponse response = new MockHttpServletResponse();
@@ -119,10 +120,27 @@ public class TokenBasedRememberMeServicesTests {
         assertNull(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY));
     }
 
+    // SEC-1356
+    @Test
+    public void autoLoginIgnoresCookieWithWrongPath() throws Exception {
+        Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "foobar");
+        cookie.setPath("/");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setContextPath("not_root");
+        request.setCookies(new Cookie[] {cookie});
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        Authentication result = services.autoLogin(request, response);
+
+        assertNull(result);
+        assertNull(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY));
+    }
+
     @Test
     public void autoLoginReturnsNullForExpiredCookieAndClearsCookie() throws Exception {
         Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
                 generateCorrectCookieContentForToken(System.currentTimeMillis() - 1000000, "someone", "password", "key"));
+        cookie.setPath("/");
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
 
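Review bot: In `autoLoginIgnoresCookieWithWrongPath` the cookie value is `"foobar"`, so `assertNull(result)` would presumably hold even without a path check. Only the second assertion (no cancel cookie in the response) separates "ignored" from "rejected as invalid", judging by the neighbouring tests that expect malformed tokens to be cleared. A well-formed token, e.g. `generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key")`, would make the path the only reason for the null result. The context path should also use the servlet form with a leading slash, `request.setContextPath("/not_root");`, and a short comment on the last assertion (`// ignored, not cancelled`) would record why no cookie is expected.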
@@ -138,6 +156,7 @@ public class TokenBasedRememberMeServicesTests {
     public void autoLoginReturnsNullAndClearsCookieIfMissingThreeTokensInCookieValue() throws Exception {
         Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
                 new String(Base64.encodeBase64("x".getBytes())));
+        cookie.setPath("/");
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
 
@@ -153,6 +172,7 @@ public class TokenBasedRememberMeServicesTests {
     public void autoLoginClearsNonBase64EncodedCookie() throws Exception {
         Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
                 "NOT_BASE_64_ENCODED");
+        cookie.setPath("/");
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
 
@@ -170,6 +190,7 @@ public class TokenBasedRememberMeServicesTests {
         Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
                 generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password",
                     "WRONG_KEY"));
+        cookie.setPath("/");
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
 
@@ -186,6 +207,8 @@ public class TokenBasedRememberMeServicesTests {
     public void autoLoginClearsCookieIfTokenDoesNotContainANumberInCookieValue() throws Exception {
         Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
                 new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes())));
+        cookie.setPath("/");
+
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
 
@@ -202,6 +225,7 @@ public class TokenBasedRememberMeServicesTests {
         jmock.checking(udsWillThrowNotFound);
         Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
                 generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key"));
+        cookie.setPath("/");
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
 
@@ -219,6 +243,7 @@ public class TokenBasedRememberMeServicesTests {
         jmock.checking(udsWillReturnUser);
         Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
                 generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key"));
+        cookie.setPath("/");
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});