SEC-1281: RememberMeAuthenticationProvider is created with default "key" parameter instead of my own specified #1530

Closed
spring-issuemaster opened this Issue Oct 30, 2009 · 2 comments

1 participant

@spring-issuemaster

Nickolay Mazurkin (Migrated from SEC-1281) said:

I tried to define my own RememberMeService as shown

services-ref="rememberMeServices"
key="${app.security.key.rememberMe}"/>








But RememberMeAuthenticationProvider instance is created with default "SpringSecured" key instead of my own so RememberMeAuthenticationProvider.authenticate never succeeds.

@spring-issuemaster

Nickolay Mazurkin said:

I've registered my own RememberMe provider



Everything works fine but as I can see there are two RememberMeAuthentication providers now - one is default in child authentication manager (with the wrong default key) and one is mine in parent authentication manager (with the right mine key).

@spring-issuemaster

Luke Taylor said:

Thanks for the report. I've updated the namespace parsing code to make sure that the selected key is used even if an external RememberMeServices is in use, which should fix the issue. If you are using the element then the internally defined provider will always be created.

@spring-issuemaster spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment