|
|
@@ -553,7 +553,7 @@ remember-me =
|
|
|
## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach.
|
|
|
element remember-me {remember-me.attlist}
|
|
|
remember-me.attlist &=
|
|
|
- ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application.
|
|
|
+ ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application. If unset, it will default to a random value generated by SecureRandom.
|
|
|
attribute key {xsd:token}?
|
|
|
|
|
|
remember-me.attlist &=
|
|
|
@@ -593,7 +593,7 @@ anonymous =
|
|
|
## Adds support for automatically granting all anonymous web requests a particular principal identity and a corresponding granted authority.
|
|
|
element anonymous {anonymous.attlist}
|
|
|
anonymous.attlist &=
|
|
|
- ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to "doesNotMatter".
|
|
|
+ ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to a random value generated by SecureRandom.
|
|
|
attribute key {xsd:token}?
|
|
|
anonymous.attlist &=
|
|
|
## The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser".
|
Mike Noordermeer