From 0a2fa03160fd75edca9543852b1b4f1e893e0b78 Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Wed, 19 Sep 2012 11:29:55 -0500
Subject: [PATCH] SEC-2036: Set cookie path to / when default context path in CookieClearingLogoutHandler
---
 .../logout/CookieClearingLogoutHandler.java | 7 ++++++-
 .../logout/CookieClearingLogoutHandlerTests.java | 16 ++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index cb25f0a8cb..a19d3d7711 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 /**
  * A logout handler which clears a defined list of cookies, using the context path as the
@@ -26,7 +27,11 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
     public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
         for (String cookieName : cookiesToClear) {
             Cookie cookie = new Cookie(cookieName, null);
-            cookie.setPath(request.getContextPath());
+            String cookiePath = request.getContextPath();
+            if(!StringUtils.hasLength(cookiePath)) {
+                cookiePath = "/";
+            }
+            cookie.setPath(cookiePath);
             cookie.setMaxAge(0);
             response.addCookie(cookie);
         }
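Review bot: The class Javadoc touched by the first hunk still says the context path is used as the cookie path, but after the change in logout an empty context path is replaced by `/`; the sentence should be extended, e.g. ` * cookie path; when the application is deployed at the root context (empty context path) the path {@code /} is used instead.` Because a browser only discards a cookie whose name, domain and path all match the stored one, a cookie that was originally set with a different path or with an explicit domain is still not cleared by this handler, and that limitation belongs in the same Javadoc. As a point of style, `if(!StringUtils.hasLength(cookiePath))` lacks the space after `if` that the `for (String cookieName : cookiesToClear)` line just above uses.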
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
index 7583c451eb..5cdd6520d4 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java
@@ -14,6 +14,22 @@ import org.springframework.security.core.Authentication;
  * @author Luke Taylor
  */
 public class CookieClearingLogoutHandlerTests {
+
+    // SEC-2036
+    @Test
+    public void emptyContextRootIsConverted() {
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setContextPath("");
+        CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler("my_cookie");
+        handler.logout(request, response, mock(Authentication.class));
+        assertEquals(1, response.getCookies().length);
+        for (Cookie c : response.getCookies()) {
+            assertEquals("/", c.getPath());
+            assertEquals(0, c.getMaxAge());
+        }
+    }
+
     @Test
     public void configuredCookiesAreCleared() {
         MockHttpServletResponse response = new MockHttpServletResponse();
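Review bot: The new test exercises only the conversion branch of the `hasLength` check; nothing in the hunk shows that a non-empty context path is passed through unchanged, and `configuredCookiesAreCleared`, whose body continues past the end of the hunk, cannot be judged from here. A companion test that calls `request.setContextPath("/app")` and asserts `assertEquals("/app", c.getPath())` would pin both sides of the new condition. The bare `// SEC-2036` comment would read better as a one-line statement of intent, e.g. `// SEC-2036: a root deployment has an empty context path, so the cookie must be cleared at "/"`.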