SEC-451: Correctly handle an empty context path.

core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java

@@ -310,6 +310,10 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
             uri = uri.substring(0, pathParamIndex);
         }
 
+        if ("".equals(request.getContextPath())) {
+        	return uri.endsWith(filterProcessesUrl);
+        }
+        
         return uri.endsWith(request.getContextPath() + filterProcessesUrl);
     }
 

core/src/main/java/org/acegisecurity/ui/logout/LogoutFilter.java

@@ -132,6 +132,10 @@ public class LogoutFilter implements Filter {
             uri = uri.substring(0, pathParamIndex);
         }
 
+        if ("".equals(request.getContextPath())) {
+        	return uri.endsWith(filterProcessesUrl);
+        }
+        
         return uri.endsWith(request.getContextPath() + filterProcessesUrl);
     }