From 1188a3bb5fdb3f2f007db1240207f9630552a63c Mon Sep 17 00:00:00 2001
From: Eleftheria Stein <eleftheria.kousathana@gmail.com>
Date: Thu, 7 Nov 2019 15:26:59 +0100
Subject: [PATCH] Polish RememberMeConfigurer

Issue: gh-4140
---
 .../web/configurers/RememberMeConfigurer.java         | 11 +++++++++--
 .../web/configurers/RememberMeConfigurerTests.java    |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
index 1cc57a0b98..16e1cdfe51 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java
@@ -167,6 +167,9 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	/**
 	 * Sets the key to identify tokens created for remember me authentication. Default is
 	 * a secure randomly generated key.
+	 * If {@link #rememberMeServices(RememberMeServices)} is specified and is of type
+	 * {@link AbstractRememberMeServices}, then the default is the key set in
+	 * {@link AbstractRememberMeServices}.
 	 *
 	 * @param key the key to identify tokens created for remember me authentication
 	 * @return the {@link RememberMeConfigurer} for further customization
@@ -428,8 +431,12 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
 	}
 
 	/**
-	 * Gets the key to use for validating remember me tokens. Either the value passed into
-	 * {@link #key(String)}, or a secure random string if none was specified.
+	 * Gets the key to use for validating remember me tokens. If a value was passed into
+	 * {@link #key(String)}, then that is returned.
+	 * Alternatively, if a key was specified in the
+	 * {@link #rememberMeServices(RememberMeServices)}}, then that is returned.
+	 * If no key was specified in either of those cases, then a secure random string is
+	 * generated.
 	 *
 	 * @return the remember me key to use
 	 */
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
index 5d3e4032e9..1cba7745fe 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java
@@ -456,7 +456,7 @@ public class RememberMeConfigurerTests {
 	}
 
 	@Test
-	public void getWhenRememberMeCookieThenAuthenticationIsRememberMeAuthenticationTokenWithFallbackKeyConfiguration()
+	public void getWhenRememberMeCookieAndNoKeyConfiguredThenKeyFromRememberMeServicesIsUsed()
 			throws Exception {
 		this.spring.register(FallbackRememberMeKeyConfig.class).autowire();