SEC-2873: Remember Me XML Configuration Defaults Should Match Java Config

2025-05-30 16:52:13 +00:00 · 2015-02-24 20:49:56 -06:00 · 2015-02-24 20:49:56 -06:00 · 5f57e5b0c3
commit 5f57e5b0c3
parent f198804504
11 changed files with 15 additions and 15 deletions
--- a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc
@ -584,10 +584,10 @@ remember-me.attlist &=
    ## Reference to an AuthenticationSuccessHandler bean which should be used to handle a successful remember-me authentication.
    attribute authentication-success-handler-ref {xsd:token}?
 remember-me.attlist &=
-    ## The name of the request parameter which toggles remember-me authentication. Defaults to '_spring_security_remember_me'.
+    ## The name of the request parameter which toggles remember-me authentication. Defaults to 'remember-me'.
    attribute remember-me-parameter {xsd:token}?
 remember-me.attlist &=
-    ## The name of cookie which store the token for remember-me authentication. Defaults to 'SPRING_SECURITY_REMEMBER_ME_COOKIE'.
+    ## The name of cookie which store the token for remember-me authentication. Defaults to 'remember-me'.
    attribute remember-me-cookie {xsd:token}?

 token-repository-ref =
--- a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd
@ -1823,14 +1823,14 @@
      <xs:attribute name="remember-me-parameter" type="xs:token">
         <xs:annotation>
            <xs:documentation>The name of the request parameter which toggles remember-me authentication. Defaults to
-                '_spring_security_remember_me'.
+                'remember-me'.
                </xs:documentation>
         </xs:annotation>
      </xs:attribute>
      <xs:attribute name="remember-me-cookie" type="xs:token">
          <xs:annotation>
              <xs:documentation>The name of cookie which store the token for remember-me authentication. Defaults to
-                  'SPRING_SECURITY_REMEMBER_ME_COOKIE'.
+                  'remember-me'.
              </xs:documentation>
          </xs:annotation>
      </xs:attribute>
--- a/docs/manual/src/docs/asciidoc/index.adoc
+++ b/docs/manual/src/docs/asciidoc/index.adoc
@ -7591,12 +7591,12 @@ A reference to a `DataSource` bean. If this is set, `PersistentTokenBasedRemembe

 [[nsa-remember-me-remember-me-parameter]]
 * **remember-me-parameter**
-The name of the request parameter which toggles remember-me authentication. Defaults to "_spring_security_remember_me". Maps to the "parameter" property of `AbstractRememberMeServices`.
+The name of the request parameter which toggles remember-me authentication. Defaults to "remember-me". Maps to the "parameter" property of `AbstractRememberMeServices`.


 [[nsa-remember-me-remember-me-cookie]]
 * **remember-me-cookie**
-The name of cookie which store the token for remember-me authentication. Defaults to "SPRING_SECURITY_REMEMBER_ME_COOKIE". Maps to the "cookieName" property of `AbstractRememberMeServices`.
+The name of cookie which store the token for remember-me authentication. Defaults to "remember-me". Maps to the "cookieName" property of `AbstractRememberMeServices`.


 [[nsa-remember-me-key]]
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
@ -119,7 +119,7 @@ public abstract class AbstractWebServerIntegrationTests {
    protected Cookie getRememberMeCookie() {
        List<Cookie> cookies = (List<Cookie>) tester.getTestingEngine().getCookies();
        for (Cookie c : cookies) {
-            if (c.getName().equals("SPRING_SECURITY_REMEMBER_ME_COOKIE")) {
+            if (c.getName().equals("remember-me")) {
                return c;
            }
        }
--- a/itest/web/src/integration-test/java/org/springframework/security/integration/InMemoryProviderWebAppTests.java
+++ b/itest/web/src/integration-test/java/org/springframework/security/integration/InMemoryProviderWebAppTests.java
@ -62,7 +62,7 @@ public class InMemoryProviderWebAppTests extends AbstractWebServerIntegrationTes
    @Test
    public void persistentLoginIsSuccesful() throws Exception {
        beginAt("secure/index.html");
-        tester.checkCheckbox("_spring_security_remember_me");
+        tester.checkCheckbox("remember-me");
        login("jimi", "jimispassword");
        Cookie rememberMe = getRememberMeCookie();
        assertNotNull(rememberMe);
--- a/itest/web/src/main/webapp/login.jsp
+++ b/itest/web/src/main/webapp/login.jsp
@ -20,7 +20,7 @@ Your login attempt was not successful, try again. ${SPRING_SECURITY_LAST_EXCEPTI
  <table>
    <tr><td>User:</td><td><input type='text' name='username' value=''/></td></tr>
    <tr><td>Password:</td><td><input type='password' name='password'></td></tr>
-    <tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
+    <tr><td><input type="checkbox" name="remember-me"></td><td>Don't ask for my password for two weeks</td></tr>
    <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
    <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
  </table>
--- a/samples/contacts-xml/src/main/webapp/login.jsp
+++ b/samples/contacts-xml/src/main/webapp/login.jsp
@ -35,7 +35,7 @@
      <table>
        <tr><td>User:</td><td><input type='text' name='username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr>
        <tr><td>Password:</td><td><input type='password' name='password'></td></tr>
-        <tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
+        <tr><td><input type="checkbox" name="remember-me"></td><td>Don't ask for my password for two weeks</td></tr>

        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl
@ -10,7 +10,7 @@
      <table>
        <tr><td>User:</td><td><input type='text' name='username' value=''/></td></tr>
        <tr><td>Password:</td><td><input type='password' name='password' value=''/></td></tr>
-        <tr><td><input type="checkbox" name="_spring_security_remember_me"/></td><td>Don't ask for my password for two weeks</td></tr>
+        <tr><td><input type="checkbox" name="remember-me"/></td><td>Don't ask for my password for two weeks</td></tr>

        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
--- a/sandbox/heavyduty/src/main/webapp/login.jsp
+++ b/sandbox/heavyduty/src/main/webapp/login.jsp
@ -15,7 +15,7 @@
      <table>
        <tr><td>User:</td><td><input type='text' name='username' /></td></tr>
        <tr><td>Password:</td><td><input type='password' name='password'/></td></tr>
-        <tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
+        <tr><td><input type="checkbox" name="remember-me"></td><td>Don't ask for my password for two weeks</td></tr>

        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
--- a/sandbox/webflow/src/main/webapp/WEB-INF/freemarker/login.ftl
+++ b/sandbox/webflow/src/main/webapp/WEB-INF/freemarker/login.ftl
@ -10,7 +10,7 @@
      <table>
        <tr><td>User:</td><td><input type='text' name='username' value=''/></td></tr>
        <tr><td>Password:</td><td><input type='password' name='password' value=''/></td></tr>
-        <tr><td><input type="checkbox" name="_spring_security_remember_me"/></td><td>Don't ask for my password for two weeks</td></tr>
+        <tr><td><input type="checkbox" name="remember-me"/></td><td>Don't ask for my password for two weeks</td></tr>

        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@ -40,8 +40,8 @@ import org.springframework.util.StringUtils;
 public abstract class AbstractRememberMeServices implements RememberMeServices, InitializingBean, LogoutHandler {
    //~ Static fields/initializers =====================================================================================

-    public static final String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY = "SPRING_SECURITY_REMEMBER_ME_COOKIE";
-    public static final String DEFAULT_PARAMETER = "_spring_security_remember_me";
+    public static final String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY = "remember-me";
+    public static final String DEFAULT_PARAMETER = "remember-me";
    public static final int TWO_WEEKS_S = 1209600;

    private static final String DELIMITER = ":";