Skip to content

Remove Servlet 2.5 and 3.0 Support for Remember Me #6263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Dec 7, 2018 · 4 comments · Fixed by #6278
Closed

Remove Servlet 2.5 and 3.0 Support for Remember Me #6263

jzheaux opened this issue Dec 7, 2018 · 4 comments · Fixed by #6278
Assignees
@dongmyo @jzheaux
Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Milestone
5.2.0.M1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Dec 7, 2018
edited
Loading

Related to #6220

The AbstractRememberMeServices attempts to use the setHttpOnly method only if that method is available in javax.servlet.http.Cookie.

Since Spring Framework 5.0 has a Servlet Spec baseline of 3.1, this check is no longer necessary.

We should always use the setHttpOnly method and remove any corresponding Servlet 2.5 or 3.0 tests.
@jzheaux jzheaux added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement labels Dec 7, 2018
@jzheaux jzheaux added this to the 5.2.0.M1 milestone Dec 7, 2018
@jzheaux jzheaux mentioned this issue Dec 7, 2018
Closed
7 tasks
@jzheaux jzheaux changed the title Remove Servlet 2.5 Support for Remember Me Remove Servlet 2.5 and 3.0 Support for Remember Me Dec 7, 2018
@studyforbetter
Copy link

can you tell me how to use it by xml configer ,

@jzheaux
Copy link
Contributor Author

jzheaux commented Dec 10, 2018

@studyforbetter there isn't anything special to do for XML in this case. CookieCsrfTokenRepository is configured by both the Java config as well as the XML config in the same way.

@dongmyo
Copy link
Contributor

dongmyo commented Dec 12, 2018

@jzheaux I'd like to take it

@dongmyo dongmyo mentioned this issue Dec 12, 2018
Merged
@jzheaux
Copy link
Contributor Author

jzheaux commented Dec 12, 2018

@dongmyo It's yours

dongmyo added a commit to dongmyo/spring-security-1 that referenced this issue Dec 14, 2018
@dongmyo
Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF
877ed41 
Fixes: spring-projectsgh-6263, Fixes: spring-projectsgh-6262
jzheaux pushed a commit that referenced this issue Dec 14, 2018
@dongmyo @jzheaux
Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF
fc802e1 
Fixes: gh-6263, Fixes: gh-6262
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dongmyo dongmyo

@jzheaux jzheaux

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.M1
Development

Successfully merging a pull request may close this issue.

Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF dongmyo/spring-security-1
3 participants
@dongmyo @jzheaux @studyforbetter