Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1044: Remove remember-me functionality from http auto-config namespace configuration #1295

spring-issuemaster opened this Issue Dec 1, 2008 · 1 comment


None yet
1 participant

Luke Taylor(Migrated from SEC-1044) said:

This causes too much confusion as it requires a UserDetailsService in the configuration and some authentication providers (e.g. LDAP, JAAS) don’t automatically provide one. Users just copy the base configuration and are confused when it fails. It is trivial to add remember-me using the tag and arguably it shouldn’t be part of a basic configuration anyway.

Luke Taylor said:

I’ve changed HttpSecurityBeanDefinitionParser to only add remember-me configuration if it finds an explicit element in the block.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment