
SEC-1081: Fix for PersistentTokenBasedRememberMeServices int overflow problem.

Luke Taylor 16 роки тому
батько
коміт
271fbb7ddf

+ 1 - 1
web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java

@@ -92,7 +92,7 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
                     "Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack."));
         }
 
-        if (token.getDate().getTime() + getTokenValiditySeconds()*1000 < System.currentTimeMillis()) {
+        if (token.getDate().getTime() + getTokenValiditySeconds()*1000L < System.currentTimeMillis()) {
             throw new RememberMeAuthenticationException("Remember-me login has expired");
         }
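Review bot: The `1000L` suffix in the expiry comparison is the whole fix, yet nothing on the line says why it matters, so a later cleanup could drop it and silently bring the wrap-around back. With int multiplication, any validity above 2,147,483 seconds (about 24.8 days) overflows, and the enforced remember-me lifetime then no longer matches the configured one. I would add `// 1000L: multiply as long; int math overflows for validity periods over ~24.8 days (SEC-1081)` above the `if`, or make the widening explicit with `TimeUnit.SECONDS.toMillis(getTokenValiditySeconds())`. The enclosing method starts and ends outside this hunk.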
 

+ 2 - 0
web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java

@@ -30,6 +30,8 @@ public class PersistentTokenBasedRememberMeServicesTests {
     public void setUpData() throws Exception {
         services = new PersistentTokenBasedRememberMeServices();
         services.setCookieName("mycookiename");
+        // Default to 100 days (see SEC-1081).
+        services.setTokenValiditySeconds(100*24*60*60);
         services.setUserDetailsService(
                 new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false));
     }
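Review bot: The 100-day value set in `setUpData` may not separate fixed from unfixed code, because `100*24*60*60*1000` wraps in int arithmetic to a positive 50,065,408 ms (about 13.9 hours), so a freshly dated token would pass the expiry check either way. Whether any test uses a token older than that is not visible in this hunk. A value that wraps negative, such as `services.setTokenValiditySeconds(30*24*60*60);`, would make the unfixed code reject even a just-issued token. A dedicated test with a token dated a day or more in the past would pin the regression as well. The comment also calls this a default when it is a test-only setting; something like `// Validity above Integer.MAX_VALUE ms (~24.8 days) to exercise the long arithmetic in the expiry check (SEC-1081).` would be more accurate.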