OPEN - issue SEC-769: Remember-Me functionality not available in namespace configuration

http://jira.springframework.org/browse/SEC-769. I've added a check in FormLoginBeanDefintionParser to see if RememberMeServices is registered. If so, it will inject the bean into the filter. Also added a check in HttpSecurityBeanDefinitionParserTests that the field has been set.

core/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java

@@ -60,6 +60,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
             authenticationFailureUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL);
             alwaysUseDefault = elt.getAttribute(ATT_ALWAYS_USE_DEFAULT_TARGET_URL);
             loginPage = elt.getAttribute(ATT_LOGIN_PAGE);
+            
             if (!StringUtils.hasText(loginPage)) {
             	loginPage = null;
             }
@@ -69,17 +70,19 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
         ConfigUtils.registerProviderManagerIfNecessary(parserContext);
         
         filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, loginPage, authenticationFailureUrl);
-
         filterBean.setSource(source);
         filterBean.getPropertyValues().addPropertyValue("authenticationManager",
                 new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
+        
+        if (parserContext.getRegistry().containsBeanDefinition(BeanIds.REMEMBER_ME_SERVICES)) {
+            filterBean.getPropertyValues().addPropertyValue("rememberMeServices", 
+                    new RuntimeBeanReference(BeanIds.REMEMBER_ME_SERVICES) );
+        }
 
         BeanDefinitionBuilder entryPointBuilder =
                 BeanDefinitionBuilder.rootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
         entryPointBuilder.setSource(source);
-
         entryPointBuilder.addPropertyValue("loginFormUrl", loginPage != null ? loginPage : DEF_LOGIN_PAGE);
-
         entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();
 
         return null;
@@ -100,7 +103,6 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
         
         filterBuilder.addPropertyValue("filterProcessesUrl", loginUrl);
 
-
         if (!StringUtils.hasText(defaultTargetUrl)) {
             defaultTargetUrl = DEF_FORM_LOGIN_TARGET_URL;
         }

core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -32,8 +32,10 @@ import org.springframework.security.ui.WebAuthenticationDetails;
 import org.springframework.security.ui.basicauth.BasicProcessingFilter;
 import org.springframework.security.ui.logout.LogoutFilter;
 import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
+import org.springframework.security.ui.rememberme.NullRememberMeServices;
 import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
 import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
+import org.springframework.security.ui.rememberme.RememberMeServices;
 import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
 import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.util.FieldUtils;
@@ -74,7 +76,7 @@ public class HttpSecurityBeanDefinitionParserTests {
         checkAutoConfigFilters(filterList);
     }
 
-    private void checkAutoConfigFilters(List filterList) {
+    private void checkAutoConfigFilters(List filterList) throws Exception {
         assertEquals("Expected 11 filters in chain", 11, filterList.size());
 
         Iterator filters = filterList.iterator();
@@ -82,7 +84,13 @@ public class HttpSecurityBeanDefinitionParserTests {
         assertTrue(filters.next() instanceof HttpSessionContextIntegrationFilter);
         assertTrue(filters.next() instanceof SessionFixationProtectionFilter);        
         assertTrue(filters.next() instanceof LogoutFilter);
-        assertTrue(filters.next() instanceof AuthenticationProcessingFilter);
+        Object authProcFilter = filters.next();
+        assertTrue(authProcFilter instanceof AuthenticationProcessingFilter);
+        // Check RememberMeServices has been set on AuthenticationProcessingFilter        
+        Object rms = FieldUtils.getFieldValue(authProcFilter, "rememberMeServices");
+        assertNotNull(rms);
+        assertTrue(rms instanceof RememberMeServices);
+        assertFalse(rms instanceof NullRememberMeServices);
         assertTrue(filters.next() instanceof DefaultLoginPageGeneratingFilter);
         assertTrue(filters.next() instanceof BasicProcessingFilter);
         assertTrue(filters.next() instanceof SecurityContextHolderAwareRequestFilter);