SEC-1542: Add a setter for the UserDetailsChecker in AbstractRememberMeServices.

web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java

@@ -46,7 +46,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
     protected final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
     private UserDetailsService userDetailsService;
-    private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
+    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
     private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
     private String cookieName = SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
@@ -403,4 +403,18 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
         Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource cannot be null");
         this.authenticationDetailsSource = authenticationDetailsSource;
     }
+
+    /**
+     * Sets the strategy to be used to validate the {@code UserDetails} object obtained for
+     * the user when processing a remember-me cookie to automatically log in a user.
+     *
+     * @param userDetailsChecker
+     *          the strategy which will be passed the user object to allow it to be rejected if account should not
+     *          be allowed to authenticate (if it is locked, for example). Defaults to a
+     *          {@code AccountStatusUserDetailsChecker} instance.
+     *
+     */
+    public void setUserDetailsChecker(UserDetailsChecker userDetailsChecker) {
+        this.userDetailsChecker = userDetailsChecker;
+    }
 }

web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java

@@ -10,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -189,6 +190,7 @@ public class AbstractRememberMeServicesTests {
     @Test
     public void autoLoginShouldFailIfUserAccountIsLocked() {
         MockRememberMeServices services = new MockRememberMeServices();
+        services.setUserDetailsChecker(new AccountStatusUserDetailsChecker());
         User joeLocked = new User("joe", "password",false,true,true,true,joe.getAuthorities());
         services.setUserDetailsService(new MockUserDetailsService(joeLocked, false));