From 5f57e5b0c3726466db4f5d0521ac26423f0d9cd4 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Tue, 24 Feb 2015 20:49:56 -0600 Subject: [PATCH] SEC-2873: Remember Me XML Configuration Defaults Should Match Java Config --- .../springframework/security/config/spring-security-4.0.rnc | 4 ++-- .../springframework/security/config/spring-security-4.0.xsd | 4 ++-- docs/manual/src/docs/asciidoc/index.adoc | 4 ++-- .../integration/AbstractWebServerIntegrationTests.java | 2 +- .../security/integration/InMemoryProviderWebAppTests.java | 2 +- itest/web/src/main/webapp/login.jsp | 2 +- samples/contacts-xml/src/main/webapp/login.jsp | 2 +- .../heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl | 2 +- sandbox/heavyduty/src/main/webapp/login.jsp | 2 +- sandbox/webflow/src/main/webapp/WEB-INF/freemarker/login.ftl | 2 +- .../authentication/rememberme/AbstractRememberMeServices.java | 4 ++-- 11 files changed, 15 insertions(+), 15 deletions(-) diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc index d59cbbbab1..5f48189a25 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.rnc @@ -584,10 +584,10 @@ remember-me.attlist &= ## Reference to an AuthenticationSuccessHandler bean which should be used to handle a successful remember-me authentication. attribute authentication-success-handler-ref {xsd:token}? remember-me.attlist &= - ## The name of the request parameter which toggles remember-me authentication. Defaults to '_spring_security_remember_me'. + ## The name of the request parameter which toggles remember-me authentication. Defaults to 'remember-me'. attribute remember-me-parameter {xsd:token}? remember-me.attlist &= - ## The name of cookie which store the token for remember-me authentication. Defaults to 'SPRING_SECURITY_REMEMBER_ME_COOKIE'. + ## The name of cookie which store the token for remember-me authentication. Defaults to 'remember-me'. attribute remember-me-cookie {xsd:token}? token-repository-ref = diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd index 413dda3347..6783146b78 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.0.xsd @@ -1823,14 +1823,14 @@ The name of the request parameter which toggles remember-me authentication. Defaults to - '_spring_security_remember_me'. + 'remember-me'. The name of cookie which store the token for remember-me authentication. Defaults to - 'SPRING_SECURITY_REMEMBER_ME_COOKIE'. + 'remember-me'. diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc index 30c6a8dfc9..86d04c3a1a 100644 --- a/docs/manual/src/docs/asciidoc/index.adoc +++ b/docs/manual/src/docs/asciidoc/index.adoc @@ -7591,12 +7591,12 @@ A reference to a `DataSource` bean. If this is set, `PersistentTokenBasedRemembe [[nsa-remember-me-remember-me-parameter]] * **remember-me-parameter** -The name of the request parameter which toggles remember-me authentication. Defaults to "_spring_security_remember_me". Maps to the "parameter" property of `AbstractRememberMeServices`. +The name of the request parameter which toggles remember-me authentication. Defaults to "remember-me". Maps to the "parameter" property of `AbstractRememberMeServices`. [[nsa-remember-me-remember-me-cookie]] * **remember-me-cookie** -The name of cookie which store the token for remember-me authentication. Defaults to "SPRING_SECURITY_REMEMBER_ME_COOKIE". Maps to the "cookieName" property of `AbstractRememberMeServices`. +The name of cookie which store the token for remember-me authentication. Defaults to "remember-me". Maps to the "cookieName" property of `AbstractRememberMeServices`. [[nsa-remember-me-key]] diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java index b12b84f016..b3dad9ba21 100644 --- a/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java +++ b/itest/web/src/integration-test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java @@ -119,7 +119,7 @@ public abstract class AbstractWebServerIntegrationTests { protected Cookie getRememberMeCookie() { List cookies = (List) tester.getTestingEngine().getCookies(); for (Cookie c : cookies) { - if (c.getName().equals("SPRING_SECURITY_REMEMBER_ME_COOKIE")) { + if (c.getName().equals("remember-me")) { return c; } } diff --git a/itest/web/src/integration-test/java/org/springframework/security/integration/InMemoryProviderWebAppTests.java b/itest/web/src/integration-test/java/org/springframework/security/integration/InMemoryProviderWebAppTests.java index d6539bde8d..f464ed47ed 100644 --- a/itest/web/src/integration-test/java/org/springframework/security/integration/InMemoryProviderWebAppTests.java +++ b/itest/web/src/integration-test/java/org/springframework/security/integration/InMemoryProviderWebAppTests.java @@ -62,7 +62,7 @@ public class InMemoryProviderWebAppTests extends AbstractWebServerIntegrationTes @Test public void persistentLoginIsSuccesful() throws Exception { beginAt("secure/index.html"); - tester.checkCheckbox("_spring_security_remember_me"); + tester.checkCheckbox("remember-me"); login("jimi", "jimispassword"); Cookie rememberMe = getRememberMeCookie(); assertNotNull(rememberMe); diff --git a/itest/web/src/main/webapp/login.jsp b/itest/web/src/main/webapp/login.jsp index 2eed304588..a14630fa6b 100644 --- a/itest/web/src/main/webapp/login.jsp +++ b/itest/web/src/main/webapp/login.jsp @@ -20,7 +20,7 @@ Your login attempt was not successful, try again. ${SPRING_SECURITY_LAST_EXCEPTI - +
User:
Password:
Don't ask for my password for two weeks
Don't ask for my password for two weeks
diff --git a/samples/contacts-xml/src/main/webapp/login.jsp b/samples/contacts-xml/src/main/webapp/login.jsp index b8dbd440e9..ed072882b9 100644 --- a/samples/contacts-xml/src/main/webapp/login.jsp +++ b/samples/contacts-xml/src/main/webapp/login.jsp @@ -35,7 +35,7 @@ - + diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl index 4cd2c44dc0..af47c4b331 100644 --- a/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl +++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl @@ -10,7 +10,7 @@
User:
Password:
Don't ask for my password for two weeks
Don't ask for my password for two weeks
- + diff --git a/sandbox/heavyduty/src/main/webapp/login.jsp b/sandbox/heavyduty/src/main/webapp/login.jsp index 41f6af6f92..ab4b18b060 100755 --- a/sandbox/heavyduty/src/main/webapp/login.jsp +++ b/sandbox/heavyduty/src/main/webapp/login.jsp @@ -15,7 +15,7 @@
User:
Password:
Don't ask for my password for two weeks
Don't ask for my password for two weeks
- + diff --git a/sandbox/webflow/src/main/webapp/WEB-INF/freemarker/login.ftl b/sandbox/webflow/src/main/webapp/WEB-INF/freemarker/login.ftl index 05e826e32c..788e5051fc 100644 --- a/sandbox/webflow/src/main/webapp/WEB-INF/freemarker/login.ftl +++ b/sandbox/webflow/src/main/webapp/WEB-INF/freemarker/login.ftl @@ -10,7 +10,7 @@
User:
Password:
Don't ask for my password for two weeks
Don't ask for my password for two weeks
- + diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java index 8669a34db3..9d332483b8 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java +++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java @@ -40,8 +40,8 @@ import org.springframework.util.StringUtils; public abstract class AbstractRememberMeServices implements RememberMeServices, InitializingBean, LogoutHandler { //~ Static fields/initializers ===================================================================================== - public static final String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY = "SPRING_SECURITY_REMEMBER_ME_COOKIE"; - public static final String DEFAULT_PARAMETER = "_spring_security_remember_me"; + public static final String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY = "remember-me"; + public static final String DEFAULT_PARAMETER = "remember-me"; public static final int TWO_WEEKS_S = 1209600; private static final String DELIMITER = ":";
User:
Password:
Don't ask for my password for two weeks
Don't ask for my password for two weeks