Spring Security Remember me should detect UserDetailsService bean

Consider the following configuration:

@Configuration
public class SecurityConfiguration {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.formLogin(withDefaults()).rememberMe(withDefaults());
        return http.build();
    }

    @Bean
    public InMemoryUserDetailsManager customUserDetailsService() {
        UserDetails user = User.withDefaultPasswordEncoder()
                .username("test")
                .password("password")
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(user);
    }
}

When starting the application, an error is thrown because we have not specified the UserDetailsService that should be used in the remember me configuration.

java.lang.IllegalStateException: userDetailsService cannot be null. Invoke RememberMeConfigurer#userDetailsService(UserDetailsService) or see its javadoc for alternative approaches.

We should change this behavior so that the UserDetailsService bean is picked up in the remember me configuration, without requiring the user to explicitly specify it.

Note: I've updated the description to only cover the case where a SecurityFilterChain bean is used. Adding the same changes to the WebSecurityConfigurerAdapter would break backwards compatibility.

Comment From: eleftherias

Closed via 8e34ced