SEC-2880: Add a setter method to override the cookie name of remember-me

2025-03-09 06:50:05 +00:00 · 2015-02-26 10:07:51 +09:00 · 2015-02-26 10:07:51 +09:00 · 0c77c2071b
commit 0c77c2071b
parent ec89fdcfaa
2 changed files with 33 additions and 2 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -180,6 +180,18 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
 		return this;
 	}

+	/**
+	 * The name of cookie which store the token for remember me authentication. Defaults to 'remember-me'.
+	 *
+	 * @param rememberMeCookieName the name of cookie which store the token for remember me authentication
+	 * @return  the {@link RememberMeConfigurer} for further customization
+	 * @since 4.0.1
+	 */
+	public RememberMeConfigurer<H> rememberMeCookieName(String rememberMeCookieName) {
+		this.rememberMeCookieName = rememberMeCookieName;
+		return this;
+	}
+
 	/**
 	 * Allows control over the destination a remembered user is sent to when they are
 	 * successfully authenticated. By default, the filter will just allow the current
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -270,6 +270,25 @@ public class NamespaceRememberMeTests extends BaseSpringSpec {
            findFilter(RememberMeAuthenticationFilter).rememberMeServices.parameter == "rememberMe"
    }

+    @Configuration
+    static class RememberMeCookieNameConfig extends BaseWebConfig {
+        protected void configure(HttpSecurity http) throws Exception {
+            http
+                .formLogin()
+                    .and()
+                .rememberMe()
+                    .rememberMeCookieName("rememberMe")
+        }
+    }
+
+    // SEC-2880
+    def "http/remember-me@remember-me-cookie"() {
+        when: "use custom rememberMeCookieName"
+        loadConfig(RememberMeCookieNameConfig)
+        then: "custom rememberMeCookieName will be used"
+        findFilter(RememberMeAuthenticationFilter).rememberMeServices.cookieName == "rememberMe"
+    }
+
    @Configuration
    static class UseSecureCookieConfig extends BaseWebConfig {
        protected void configure(HttpSecurity http) throws Exception {