From 7b1e9f8f73be701efa8abe84878f2361cb00fd1c Mon Sep 17 00:00:00 2001
From: Mike Noordermeer <mike@normi.net>
Date: Mon, 7 Jan 2013 13:48:43 +0100
Subject: [PATCH] Fix schema documentation for anonymous and remember-me
 element.

It now correctly mentions that the default value for the key attribute
is a SecureRandom value.
---
 .../springframework/security/config/spring-security-3.1.rnc  | 4 ++--
 .../springframework/security/config/spring-security-3.1.xsd  | 5 +++--
 .../springframework/security/config/spring-security-3.2.rnc  | 4 ++--
 .../springframework/security/config/spring-security-3.2.xsd  | 5 +++--
 4 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
index 0003313513d..ff699a4d7ce 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
@@ -553,7 +553,7 @@ remember-me =
     ## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach.
     element remember-me {remember-me.attlist}
 remember-me.attlist &=
-    ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application.
+    ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application. If unset, it will default to a random value generated by SecureRandom.
     attribute key {xsd:token}?
 
 remember-me.attlist &=
@@ -593,7 +593,7 @@ anonymous =
     ## Adds support for automatically granting all anonymous web requests a particular principal identity and a corresponding granted authority.
     element anonymous {anonymous.attlist}
 anonymous.attlist &=
-    ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to "doesNotMatter".
+    ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to a random value generated by SecureRandom.
     attribute key {xsd:token}?
 anonymous.attlist &=
     ## The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser".
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
index 2485e4eeb75..b6dbc83d961 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
@@ -1748,7 +1748,8 @@
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
             <xs:documentation>The "key" used to identify cookies from a specific token-based remember-me application.
-                You should set this to a unique value for your application.
+                You should set this to a unique value for your application. If unset, it will default to a
+                random value generated by SecureRandom.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>
@@ -1831,7 +1832,7 @@
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
             <xs:documentation>The key shared between the provider and filter. This generally does not need to be set. If
-                unset, it will default to "doesNotMatter".
+                unset, it will default to a random value generated by SecureRandom.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
index 0003313513d..ff699a4d7ce 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
@@ -553,7 +553,7 @@ remember-me =
     ## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach.
     element remember-me {remember-me.attlist}
 remember-me.attlist &=
-    ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application.
+    ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application. If unset, it will default to a random value generated by SecureRandom.
     attribute key {xsd:token}?
 
 remember-me.attlist &=
@@ -593,7 +593,7 @@ anonymous =
     ## Adds support for automatically granting all anonymous web requests a particular principal identity and a corresponding granted authority.
     element anonymous {anonymous.attlist}
 anonymous.attlist &=
-    ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to "doesNotMatter".
+    ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to a random value generated by SecureRandom.
     attribute key {xsd:token}?
 anonymous.attlist &=
     ## The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser".
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
index 2485e4eeb75..b6dbc83d961 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
@@ -1748,7 +1748,8 @@
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
             <xs:documentation>The "key" used to identify cookies from a specific token-based remember-me application.
-                You should set this to a unique value for your application.
+                You should set this to a unique value for your application. If unset, it will default to a
+                random value generated by SecureRandom.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>
@@ -1831,7 +1832,7 @@
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
             <xs:documentation>The key shared between the provider and filter. This generally does not need to be set. If
-                unset, it will default to "doesNotMatter".
+                unset, it will default to a random value generated by SecureRandom.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>