Spring Security
  1. Spring Security
  2. SEC-1044

Remove remember-me functionality from http auto-config namespace configuration

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0 M1
    • Component/s: Namespace
    • Labels:
      None

      Description

      This causes too much confusion as it requires a UserDetailsService in the configuration and some authentication providers (e.g. LDAP, JAAS) don't automatically provide one. Users just copy the base configuration and are confused when it fails. It is trivial to add remember-me using the <remember-me> tag and arguably it shouldn't be part of a basic configuration anyway.

        Activity

        Hide
        Luke Taylor added a comment -

        I've changed HttpSecurityBeanDefinitionParser to only add remember-me configuration if it finds an explicit <remember-me/> element in the <http> block.

        Show
        Luke Taylor added a comment - I've changed HttpSecurityBeanDefinitionParser to only add remember-me configuration if it finds an explicit <remember-me/> element in the <http> block.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Luke Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: