Luke Taylor (Migrated from SEC-1044) said:
This causes too much confusion as it requires a UserDetailsService in the configuration and some authentication providers (e.g. LDAP, JAAS) don’t automatically provide one. Users just copy the base configuration and are confused when it fails. It is trivial to add remember-me using the tag and arguably it shouldn’t be part of a basic configuration anyway.
Luke Taylor said:
I’ve changed HttpSecurityBeanDefinitionParser to only add remember-me configuration if it finds an explicit element in the block.