Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1281: RememberMeAuthenticationProvider is created with default "key" parameter instead of my own specified #1530

spring-issuemaster opened this Issue Oct 30, 2009 · 2 comments


None yet
1 participant

Nickolay Mazurkin (Migrated from SEC-1281) said:

I tried to define my own RememberMeService as shown


But RememberMeAuthenticationProvider instance is created with default "SpringSecured" key instead of my own so RememberMeAuthenticationProvider.authenticate never succeeds.

Nickolay Mazurkin said:

I've registered my own RememberMe provider

<security:authentication-provider ref="rememberMeAuthenticationProvider"/>

Everything works fine but as I can see there are two RememberMeAuthentication providers now - one is default in child authentication manager (with the wrong default key) and one is mine in parent authentication manager (with the right mine key).

Luke Taylor said:

Thanks for the report. I've updated the namespace parsing code to make sure that the selected key is used even if an external RememberMeServices is in use, which should fix the issue. If you are using the element then the internally defined provider will always be created.

@spring-issuemaster spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment