SEC-1771: TokenBasedRememberMeServices won't work with erased credentials #2005

spring-issuemaster opened this Issue Jun 25, 2011 · 0 comments

1 participant


Luke Taylor (Migrated from SEC-1771) said:

TokenBasedRememberMeServices attempts to obtain the user's password from the Authentication object, after it has been erased by the ProviderManager, meaning that remember-me won't work. It will probably need to load it from the UserDetailsService when the password isn't directly available.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment