RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity

[kzwang]

We are configuring HttpSecurity to use a different SecurityContextRepository via http.securityContext().securityContextRepository(new NullSecurityContextRepository());. However, RememberMeAuthenticationFilter would still use HttpSessionSecurityContextRepository instead of the NullSecurityContextRepository we configured.

It seems the SecurityContextRepository set in HttpSecurity is not been propagated to RememberMeAuthenticationFilter in https://github.com/spring-projects/spring-security/blob/main/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java#L291