SEC-1044: Remove remember-me functionality from http auto-config namespace configuration #1295

spring-issuemaster opened this Issue Dec 1, 2008 · 1 comment


Luke Taylor (Migrated from SEC-1044) said:

This causes too much confusion as it requires a UserDetailsService in the configuration and some authentication providers (e.g. LDAP, JAAS) don’t automatically provide one. Users just copy the base configuration and are confused when it fails. It is trivial to add remember-me using the tag and arguably it shouldn’t be part of a basic configuration anyway.


Luke Taylor said:

I’ve changed HttpSecurityBeanDefinitionParser to only add remember-me configuration if it finds an explicit element in the block.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016