
SEC-2119: Polish remember-me@rememberme-parameter

  - Change form-parameter to rememberme-parameter
  - Use rnc file for generating the xsd
  - Add test for default value of rememberme parameter
Rob Winch 12 years ago
parent
commit
b014020955

+ 7 - 7
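--- a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
@@ -49,7 +49,7 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
     static final String ATT_SUCCESS_HANDLER_REF = "authentication-success-handler-ref";
     static final String ATT_TOKEN_VALIDITY = "token-validity-seconds";
     static final String ATT_SECURE_COOKIE = "use-secure-cookie";
-    static final String ATT_FORM_PARAMETER = "form-parameter";
+    static final String ATT_FORM_REMEMBERME_PARAMETER = "rememberme-parameter";
 
     protected final Log logger = LogFactory.getLog(getClass());
     private final String key;
@@ -73,7 +73,7 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
         String rememberMeServicesRef = element.getAttribute(ATT_SERVICES_REF);
         String tokenValiditySeconds = element.getAttribute(ATT_TOKEN_VALIDITY);
         String useSecureCookie = element.getAttribute(ATT_SECURE_COOKIE);
-        String formParameter = element.getAttribute(ATT_FORM_PARAMETER);
+        String remembermeParameter = element.getAttribute(ATT_FORM_REMEMBERME_PARAMETER);
         Object source = pc.extractSource(element);
 
         RootBeanDefinition services = null;
@@ -84,12 +84,12 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
         boolean userServiceSet = StringUtils.hasText(userServiceRef);
         boolean useSecureCookieSet = StringUtils.hasText(useSecureCookie);
         boolean tokenValiditySet = StringUtils.hasText(tokenValiditySeconds);
-        boolean formParameterSet = StringUtils.hasText(formParameter);
+        boolean remembermeParameterSet = StringUtils.hasText(remembermeParameter);
 
-        if (servicesRefSet && (dataSourceSet || tokenRepoSet || userServiceSet || tokenValiditySet || useSecureCookieSet || formParameterSet)) {
+        if (servicesRefSet && (dataSourceSet || tokenRepoSet || userServiceSet || tokenValiditySet || useSecureCookieSet || remembermeParameterSet)) {
             pc.getReaderContext().error(ATT_SERVICES_REF + " can't be used in combination with attributes "
                     + ATT_TOKEN_REPOSITORY + "," + ATT_DATA_SOURCE + ", " + ATT_USER_SERVICE_REF + ", " + ATT_TOKEN_VALIDITY
-                    + ", " + ATT_SECURE_COOKIE + " or " + ATT_FORM_PARAMETER, source);
+                    + ", " + ATT_SECURE_COOKIE + " or " + ATT_FORM_REMEMBERME_PARAMETER, source);
         }
 
         if (dataSourceSet && tokenRepoSet) {
@@ -140,8 +140,8 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
                 services.getPropertyValues().addPropertyValue("tokenValiditySeconds", tokenValidity);
             }
 
-            if (formParameterSet) {
-                services.getPropertyValues().addPropertyValue("parameter", formParameter);
+            if (remembermeParameterSet) {
+                services.getPropertyValues().addPropertyValue("parameter", remembermeParameter);
             }
 
             services.setSource(source);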
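Review bot: The rename is only partly carried through: the constant added in the first hunk is `ATT_FORM_REMEMBERME_PARAMETER`, which still carries `FORM` from the attribute name this commit retires, while the locals in the later hunks became `remembermeParameter` and `remembermeParameterSet`. I would declare it as `static final String ATT_REMEMBERME_PARAMETER = "rememberme-parameter";` and update its two uses (the `getAttribute` call and the error message). The same leftover shows in RememberMeConfigTests.groovy, where the added test is named `'Default form-parameter is correct'` and the two neighbouring test names still say `form-parameter`, and in appendix-namespace.xml, where the section id changes but the `<title><literal>form-parameter</literal></title>` line stays, so the manual would keep naming an attribute that the XSD hunk removes.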

+ 3 - 1
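--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
@@ -577,7 +577,9 @@ remember-me.attlist &=
 remember-me.attlist &=
     ## Reference to an AuthenticationSuccessHandler bean which should be used to handle a successful remember-me authentication.
     attribute authentication-success-handler-ref {xsd:token}?
-
+remember-me.attlist &=
+    ## The name of the request parameter which toggles remember-me authentication. Defaults to '_spring_security_remember_me'.
+    attribute rememberme-parameter {xsd:token}?
 
 token-repository-ref =
     ## Reference to a PersistentTokenRepository bean for use with the persistent token remember-me implementation.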
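Review bot: The documentation comment on `rememberme-parameter` does not mention that the attribute is rejected when `services-ref` is also set, although the parser change in RememberMeBeanDefinitionParser.java reports a configuration error for exactly that combination. The commit message says the XSD is generated from this file, so the sentence added here is also what an XML editor will show; I would extend the comment with something like `Cannot be used together with services-ref.` so the constraint is visible where the attribute is written rather than only at context start-up.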

+ 7 - 6
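--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
@@ -1801,11 +1801,12 @@
                 </xs:documentation>
          </xs:annotation>
      </xs:attribute>
-      <xs:attribute name="form-parameter" type="xs:token">
-          <xs:annotation>
-              <xs:documentation>The name of the request parameter which toggles remember-me authentication. Defaults to '_spring_security_remember_me'.
-              </xs:documentation>
-          </xs:annotation>
+      <xs:attribute name="rememberme-parameter" type="xs:token">
+         <xs:annotation>
+            <xs:documentation>The name of the request parameter which toggles remember-me authentication. Defaults to
+                '_spring_security_remember_me'.
+                </xs:documentation>
+         </xs:annotation>
      </xs:attribute>
  </xs:attributeGroup>
  <xs:attributeGroup name="token-repository-ref">
@@ -2318,4 +2319,4 @@
         <xs:enumeration value="LAST"/>
      </xs:restriction>
  </xs:simpleType>
-</xs:schema>
+</xs:schema>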

+ 13 - 2
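--- a/config/src/test/groovy/org/springframework/security/config/http/RememberMeConfigTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/RememberMeConfigTests.groovy
@@ -26,6 +26,7 @@ import org.springframework.security.util.FieldUtils
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
 import org.springframework.security.web.authentication.logout.LogoutFilter
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
+import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
 import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
 import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
 import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
@@ -213,10 +214,20 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
         notThrown BeanDefinitionParsingException
     }
 
+    def 'Default form-parameter is correct'() {
+        httpAutoConfig () {
+            'remember-me'()
+        }
+
+        createAppContext(AUTH_PROVIDER_XML)
+        expect:
+        rememberMeServices().parameter == AbstractRememberMeServices.DEFAULT_PARAMETER
+    }
+
     // SEC-2119
     def 'Custom form-parameter is supported'() {
         httpAutoConfig () {
-            'remember-me'('form-parameter': 'ourParam')
+            'remember-me'('rememberme-parameter': 'ourParam')
         }
 
         createAppContext(AUTH_PROVIDER_XML)
@@ -227,7 +238,7 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
     def 'form-parameter cannot be used together with services-ref'() {
         when:
         httpAutoConfig () {
-            'remember-me'('rememberme-parameter': 'ourParam', 'services-ref': 'ourService')
+            'remember-me'('rememberme-parameter': 'ourParam', 'services-ref': 'ourService')
         }
         createAppContext(AUTH_PROVIDER_XML)
         then: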
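Review bot: The added import of `AbstractRememberMeServices` ends with a `;`, unlike every other import visible in the first hunk; dropping it keeps the file's Groovy style consistent: `import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices`. The new default-value test in the second hunk also lacks the `// SEC-2119` marker that the test directly below it carries, so it is harder to trace back to the issue; adding that comment above `def 'Default form-parameter is correct'()` would match its neighbour.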

+ 1 - 1
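--- a/docs/manual/src/docbook/appendix-namespace.xml
+++ b/docs/manual/src/docbook/appendix-namespace.xml
@@ -842,7 +842,7 @@
                         <classname>PersistentTokenBasedRememberMeServices</classname> will be used and configured with a
                         <classname>JdbcTokenRepositoryImpl</classname> instance. </para>
                 </section>
-                <section xml:id="nsa-remember-me-form-parameter">
+                <section xml:id="nsa-remember-me-rememberme-parameter">
                     <title><literal>form-parameter</literal></title>
                     <para>The name of the request parameter which toggles remember-me authentication. Defaults to "_spring_security_remember_me".
                         Maps to the "parameter" property of <classname>AbstractRememberMeServices</classname>.</para>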