
Fix StrictHttpFirewall rules

Fixes: gh-5044
Rob Winch 7 years ago
parent
commit
949c7d68b8

+ 1 - 1
web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java

@@ -340,7 +340,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 			return true;
 		}
 
-		if (path.indexOf("//") > 0) {
+		if (path.indexOf("//") > -1) {
 			return false;
 		}
 
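Review bot: The double-slash check `path.indexOf("//") > -1` reads more safely as `if (path.contains("//")) {`, which states the intent and leaves no index threshold to get wrong; the `> 0` form it replaces accepted a path that begins with `//` as normalized. A short comment above the check, such as `// reject an empty segment anywhere in the path, including a leading "//"`, would record why position 0 matters for the firewall. The `unnormalizedPaths` array in this commit's test change no longer lists `"/path//"`, so the trailing double-slash case is not exercised by the visible array and is worth keeping alongside the new entries. The enclosing method starts and ends outside this hunk, so the rest of the normalization logic is not visible here.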

+ 2 - 1
web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java

@@ -26,7 +26,8 @@ import static org.assertj.core.api.Assertions.fail;
  */
 public class StrictHttpFirewallTests {
 	public String[] unnormalizedPaths = { "/..", "/./path/", "/path/path/.", "/path/path//.", "./path/../path//.",
-			"./path", ".//path", ".", "/path//" };
+		"./path", ".//path", ".", "//path", "//path/path", "//path//path", "/path//path" };
+
 
 	private StrictHttpFirewall firewall = new StrictHttpFirewall();