SEC-1194: Added support for services-alias to remember-me

config/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java

@@ -6,6 +6,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.parsing.BeanComponentDefinition;
 import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
@@ -28,6 +29,7 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
 
     static final String ATT_DATA_SOURCE = "data-source-ref";
     static final String ATT_SERVICES_REF = "services-ref";
+    static final String ATT_SERVICES_ALIAS = "services-alias";
     static final String ATT_TOKEN_REPOSITORY = "token-repository-ref";
     static final String ATT_USER_SERVICE_REF = "user-service-ref";
     static final String ATT_TOKEN_VALIDITY = "token-validity-seconds";
@@ -103,12 +105,14 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
             }
             services.setSource(source);
             services.getPropertyValues().addPropertyValue(ATT_KEY, key);
-            pc.getRegistry().registerBeanDefinition(BeanIds.REMEMBER_ME_SERVICES, services);
+            servicesName = pc.getReaderContext().registerWithGeneratedName(services);
-            pc.registerBeanComponent(new BeanComponentDefinition(services, BeanIds.REMEMBER_ME_SERVICES));
+            pc.registerBeanComponent(new BeanComponentDefinition(services, servicesName));
-            servicesName = BeanIds.REMEMBER_ME_SERVICES;
         } else {
             servicesName = rememberMeServicesRef;
-            pc.getRegistry().registerAlias(rememberMeServicesRef, BeanIds.REMEMBER_ME_SERVICES);
+        }
+
+        if (StringUtils.hasText(element.getAttribute(ATT_SERVICES_ALIAS))) {
+            pc.getRegistry().registerAlias(servicesName, element.getAttribute(ATT_SERVICES_ALIAS));
         }
 
         RootBeanDefinition provider = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
@@ -128,14 +132,11 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
     }
 
     private BeanDefinition createFilter(ParserContext pc, Object source) {
-        RootBeanDefinition filter = new RootBeanDefinition(RememberMeProcessingFilter.class);
+        BeanDefinitionBuilder filter = BeanDefinitionBuilder.rootBeanDefinition(RememberMeProcessingFilter.class);
-        filter.setSource(source);
+        filter.getRawBeanDefinition().setSource(source);
-        filter.getPropertyValues().addPropertyValue("authenticationManager",
+        filter.addPropertyReference("authenticationManager", BeanIds.AUTHENTICATION_MANAGER);
-                new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
+        filter.addPropertyReference("rememberMeServices", servicesName);
 
-        filter.getPropertyValues().addPropertyValue("rememberMeServices",
+        return filter.getBeanDefinition();
-                new RuntimeBeanReference(BeanIds.REMEMBER_ME_SERVICES));
-
-        return filter;
     }
 }

config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc

@@ -426,7 +426,11 @@ remember-me.attlist &=
     user-service-ref?
     
 remember-me.attlist &=
-    ## The period (in seconds) for which the remember-me cookie should be valid. If set to a negative value
+    ## Exports the internally defined RememberMeServices as a bean alias, allowing it to be used by other beans in the application context.
+    attribute services-alias {xsd:token}?    
+    
+remember-me.attlist &=
+    ## The period (in seconds) for which the remember-me cookie should be valid.
     attribute token-validity-seconds {xsd:integer}?
     
 token-repository-ref =