SEC-2142: Schema documentation states anonymous and remember-me ke defaults to SecureRandom

config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc

@@ -553,7 +553,7 @@ remember-me =
     ## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach.
     element remember-me {remember-me.attlist}
 remember-me.attlist &=
-    ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application.
+    ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application. If unset, it will default to a random value generated by SecureRandom.
     attribute key {xsd:token}?
 
 remember-me.attlist &=
@@ -593,7 +593,7 @@ anonymous =
     ## Adds support for automatically granting all anonymous web requests a particular principal identity and a corresponding granted authority.
     element anonymous {anonymous.attlist}
 anonymous.attlist &=
-    ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to "doesNotMatter".
+    ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to a random value generated by SecureRandom.
     attribute key {xsd:token}?
 anonymous.attlist &=
     ## The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser".

config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd

@@ -1748,7 +1748,8 @@
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
             <xs:documentation>The "key" used to identify cookies from a specific token-based remember-me application.
-                You should set this to a unique value for your application.
+                You should set this to a unique value for your application. If unset, it will default to a
+                random value generated by SecureRandom.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>
@@ -1831,7 +1832,7 @@
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
             <xs:documentation>The key shared between the provider and filter. This generally does not need to be set. If
-                unset, it will default to "doesNotMatter".
+                unset, it will default to a random value generated by SecureRandom.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>

config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc

@@ -553,7 +553,7 @@ remember-me =
     ## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach.
     element remember-me {remember-me.attlist}
 remember-me.attlist &=
-    ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application.
+    ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application. If unset, it will default to a random value generated by SecureRandom.
     attribute key {xsd:token}?
 
 remember-me.attlist &=
@@ -593,7 +593,7 @@ anonymous =
     ## Adds support for automatically granting all anonymous web requests a particular principal identity and a corresponding granted authority.
     element anonymous {anonymous.attlist}
 anonymous.attlist &=
-    ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to "doesNotMatter".
+    ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to a random value generated by SecureRandom.
     attribute key {xsd:token}?
 anonymous.attlist &=
     ## The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser".

config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd

@@ -1748,7 +1748,8 @@
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
             <xs:documentation>The "key" used to identify cookies from a specific token-based remember-me application.
-                You should set this to a unique value for your application.
+                You should set this to a unique value for your application. If unset, it will default to a
+                random value generated by SecureRandom.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>
@@ -1831,7 +1832,7 @@
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
             <xs:documentation>The key shared between the provider and filter. This generally does not need to be set. If
-                unset, it will default to "doesNotMatter".
+                unset, it will default to a random value generated by SecureRandom.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>