Tony Dalbrekt (Migrated from SEC-1065) said:
Since our LDAP doesn’t return the password when authenticating a user, it is not available in the DirContextOperations instance and therefore not populated in the UserDetails instance by the LdapUserDetailsMapper#mapUserFromContext(…).
This causes the method TokenBasedRememberMeServices#retrievePassword(…) to return null since UserDetails#getPassword() returns null. The password is still available in Authentication#getCredentials() and a solution is to let the method retrievePassword(…) return the credentials if no password is found in the UserDetails instance.
Luke Taylor said:
I’m not clear on how the autoLogin part of TokenBasedRememberMeServices is supposed to work with this patch. Since you can’t retrieve the password from your LDAP server, it won’t be possible to validate the remember-me cookie when it is submitted at a later time.
Tony Dalbrekt said:
Aah, absolutely right. I realize that now after some more digging. Guess you can close or remove this issue. Tnx!
Ok. Closing the issue as requested. You should still be able to work with the persistent remember-me version.