Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1771: TokenBasedRememberMeServices won't work with erased credentials #2005

spring-issuemaster opened this Issue Jun 25, 2011 · 0 comments


None yet
1 participant

Luke Taylor (Migrated from SEC-1771) said:

TokenBasedRememberMeServices attempts to obtain the user's password from the Authentication object, after it has been erased by the ProviderManager, meaning that remember-me won't work. It will probably need to load it from the UserDetailsService when the password isn't directly available.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment