Update Remember-Me example

Closes gh-18639

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>

docs/src/test/java/org/springframework/security/docs/servlet/authentication/tokenbasedremembermeservices/CustomAlgorithmRememberMeServicesConfiguration.java

@@ -0,0 +1,65 @@
+/*
+ * Copyright 2026-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.docs.servlet.authentication.tokenbasedremembermeservices;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+/**
+ * Demonstrates custom algorithm for remember me configuration.
+ *
+ * @author Ngoc Nhan
+ */
+@EnableWebMvc
+@EnableWebSecurity
+@Configuration(proxyBeanMethods = false)
+public class CustomAlgorithmRememberMeServicesConfiguration {
+
+	// tag::snippet[]
+	@Bean
+	SecurityFilterChain securityFilterChain(HttpSecurity http, RememberMeServices rememberMeServices) throws Exception {
+		// @formatter:off
+		http
+				.authorizeHttpRequests((authorize) -> authorize
+						.anyRequest().authenticated()
+				)
+				.rememberMe((remember) -> remember
+						.rememberMeServices(rememberMeServices)
+				);
+		// @formatter:on
+		return http.build();
+	}
+
+	@Bean
+	RememberMeServices rememberMeServices(UserDetailsService userDetailsService) {
+		RememberMeTokenAlgorithm encodingAlgorithm = RememberMeTokenAlgorithm.SHA256;
+		TokenBasedRememberMeServices rememberMe = new TokenBasedRememberMeServices("myKey", userDetailsService,
+				encodingAlgorithm);
+		rememberMe.setMatchingAlgorithm(RememberMeTokenAlgorithm.MD5);
+		return rememberMe;
+	}
+	// end::snippet[]
+
+}

docs/src/test/java/org/springframework/security/docs/servlet/authentication/tokenbasedremembermeservices/DefaultAlgorithmRememberMeServicesConfiguration.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2026-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.docs.servlet.authentication.tokenbasedremembermeservices;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.RememberMeAuthenticationProvider;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+/**
+ * Demonstrates default algorithm for remember me configuration.
+ *
+ * @author Ngoc Nhan
+ */
+@EnableWebMvc
+@EnableWebSecurity
+@Configuration(proxyBeanMethods = false)
+public class DefaultAlgorithmRememberMeServicesConfiguration {
+
+	// tag::snippet[]
+	@Bean
+	RememberMeServices rememberMeServices(UserDetailsService userDetailsService) {
+		return new TokenBasedRememberMeServices("myKey", userDetailsService);
+	}
+
+	@Bean
+	RememberMeAuthenticationFilter rememberMeFilter(AuthenticationManager authenticationManager,
+			TokenBasedRememberMeServices rememberMeServices) {
+		return new RememberMeAuthenticationFilter(authenticationManager, rememberMeServices);
+	}
+
+	@Bean
+	RememberMeAuthenticationProvider rememberMeAuthenticationProvider() {
+		return new RememberMeAuthenticationProvider("myKey");
+	}
+	// end::snippet[]
+
+}

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/tokenbasedremembermeservices/CustomAlgorithmRememberMeServicesConfiguration.kt

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2026-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.kt.docs.servlet.authentication.tokenbasedremembermeservices
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.RememberMeServices
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
+import org.springframework.web.servlet.config.annotation.EnableWebMvc
+
+/**
+ * Demonstrates custom algorithm for remember me configuration.
+ *
+ * @author Ngoc Nhan
+ */
+@EnableWebMvc
+@EnableWebSecurity
+@Configuration(proxyBeanMethods = false)
+class CustomAlgorithmRememberMeServicesConfiguration {
+
+    // tag::snippet[]
+    @Bean
+    @Throws(Exception::class)
+    fun securityFilterChain(http: HttpSecurity, rememberMeServices: RememberMeServices): SecurityFilterChain {
+        // @formatter:off
+        http
+            .authorizeHttpRequests{ it.anyRequest().authenticated() }
+            .rememberMe { it.rememberMeServices(rememberMeServices) }
+        // @formatter:on
+        return http.build()
+    }
+
+    @Bean
+    fun rememberMeServices(userDetailsService: UserDetailsService): RememberMeServices {
+        val encodingAlgorithm = RememberMeTokenAlgorithm.SHA256
+        val rememberMe = TokenBasedRememberMeServices("myKey", userDetailsService, encodingAlgorithm)
+        rememberMe.setMatchingAlgorithm(RememberMeTokenAlgorithm.MD5)
+        return rememberMe
+    }
+    // end::snippet[]
+
+}

docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/tokenbasedremembermeservices/DefaultAlgorithmRememberMeServicesConfiguration.kt

@@ -0,0 +1,57 @@
+/*
+ * Copyright 2026-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.kt.docs.servlet.authentication.tokenbasedremembermeservices
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.authentication.AuthenticationManager
+import org.springframework.security.authentication.RememberMeAuthenticationProvider
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.web.authentication.RememberMeServices
+import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
+import org.springframework.web.servlet.config.annotation.EnableWebMvc
+
+/**
+ * Demonstrates default algorithm for remember me configuration.
+ *
+ * @author Ngoc Nhan
+ */
+@EnableWebMvc
+@EnableWebSecurity
+@Configuration(proxyBeanMethods = false)
+class DefaultAlgorithmRememberMeServicesConfiguration {
+
+    // tag::snippet[]
+    @Bean
+    fun rememberMeServices(userDetailsService: UserDetailsService): RememberMeServices {
+        return TokenBasedRememberMeServices("myKey", userDetailsService)
+    }
+
+    @Bean
+    fun rememberMeFilter(authenticationManager: AuthenticationManager, rememberMeServices: TokenBasedRememberMeServices): RememberMeAuthenticationFilter {
+        return RememberMeAuthenticationFilter(authenticationManager, rememberMeServices)
+    }
+
+    @Bean
+    fun rememberMeAuthenticationProvider(): RememberMeAuthenticationProvider {
+        return RememberMeAuthenticationProvider("myKey")
+    }
+    // end::snippet[]
+
+}

docs/src/test/resources/org/springframework/security/docs/servlet/authentication/tokenbasedremembermeservices/CustomAlgorithmRememberMeServicesConfiguration.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2026-present the original author or authors.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~       https://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<b:beans xmlns:b="http://www.springframework.org/schema/beans"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns="http://www.springframework.org/schema/security"
+         xsi:schemaLocation="
+            http://www.springframework.org/schema/security
+            https://www.springframework.org/schema/security/spring-security.xsd
+            http://www.springframework.org/schema/beans
+            https://www.springframework.org/schema/beans/spring-beans.xsd">
+
+    <b:bean id="userDetailsService"
+            class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"/>
+
+    <!-- tag::snippet[] -->
+    <http>
+        <intercept-url pattern="/**" access="authenticated"/>
+        <remember-me services-ref="rememberMeServices"/>
+    </http>
+
+    <b:bean id="rememberMeServices"
+            class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
+        <b:constructor-arg value="myKey"/>
+        <b:constructor-arg ref="userDetailsService"/>
+        <b:constructor-arg value="SHA256"
+                           type="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices$RememberMeTokenAlgorithm"/>
+        <b:property name="matchingAlgorithm" value="MD5"/>
+    </b:bean>
+    <!-- end::snippet[] -->
+
+</b:beans>

docs/src/test/resources/org/springframework/security/docs/servlet/authentication/tokenbasedremembermeservices/DefaultAlgorithmRememberMeServicesConfiguration.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2026-present the original author or authors.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~       https://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<b:beans xmlns:b="http://www.springframework.org/schema/beans"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns="http://www.springframework.org/schema/security"
+         xsi:schemaLocation="
+            http://www.springframework.org/schema/security
+            https://www.springframework.org/schema/security/spring-security.xsd
+            http://www.springframework.org/schema/beans
+            https://www.springframework.org/schema/beans/spring-beans.xsd">
+
+    <b:bean id="userDetailsService"
+            class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"/>
+
+    <!-- tag::snippet[] -->
+    <b:bean id="rememberMeServices"
+                class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
+        <b:constructor-arg value="myKey"/>
+        <b:constructor-arg ref="userDetailsService"/>
+    </b:bean>
+
+    <b:bean id="rememberMeFilter"
+                class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
+        <b:constructor-arg ref="authenticationManager"/>
+        <b:constructor-arg ref="rememberMeServices"/>
+    </b:bean>
+
+    <b:bean id="rememberMeAuthenticationProvider"
+                class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
+        <b:constructor-arg value="myKey"/>
+    </b:bean>
+    <!-- end::snippet[] -->
+
+    <authentication-manager alias="authenticationManager">
+        <authentication-provider ref="rememberMeAuthenticationProvider"/>
+    </authentication-manager>
+
+</b:beans>