Skip to content

Implement UserDetailsPasswordService in JdbcUserDetailsManager #17071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 14, 2025
Merged

Implement UserDetailsPasswordService in JdbcUserDetailsManager #17071

merged 2 commits into from
May 14, 2025

Conversation

jhl221123
Copy link
Contributor

Summary:

Implements UserDetailsPasswordService in JdbcUserDetailsManager to allow password updates, controlled by a new flag.

Changes:

  • Added updatePassword(UserDetails user, String newPassword) method.
  • Introduced enableUpdatePassword boolean property (default: false) and setter setEnableUpdatePassword(boolean).
  • updatePassword method logic updated:
    • If enableUpdatePassword is true, it updates the user's password via updateUser.
    • If enableUpdatePassword is false, it returns the original UserDetails without performing any update.
  • Added tests in JdbcUserDetailsManagerTests to verify both scenarios (updatePasswordWhenDisabledReturnOriginalUser and updatePasswordWhenEnabledShouldUpdatePassword).

Closes gh-16863

@jhl221123
Implement UserDetailsPasswordService in JdbcUserDetailsManager
16d42ac 
Signed-off-by: Junhyeok Lee <jhl221123@naver.com>
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 7, 2025
@injae-kim injae-kim mentioned this pull request May 9, 2025
Closed
injae-kim
injae-kim reviewed May 9, 2025
View reviewed changes
core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -65,7 +66,8 @@
* @author Luke Taylor
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add your name on here?

core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
Comment on lines +624 to +625
@Override
public UserDetails updatePassword(UserDetails user, String newPassword) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
@Override
public UserDetails updatePassword(UserDetails user, String newPassword) {
@Override
/**
* comments like "updatePassword only when {@link #enableUpdatePassword} is true?
*/
public UserDetails updatePassword(UserDetails user, String newPassword) {

nit. how about adding comment about updatePassword flag?

@jhl221123
Update JdbcUserDetailsManager Javadoc and author
6adf93e 
Signed-off-by: Junhyeok Lee <jhl221123@naver.com>
@rwinch rwinch self-assigned this May 14, 2025
@rwinch rwinch added in: core An issue in spring-security-core type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels May 14, 2025
@rwinch rwinch enabled auto-merge (rebase) May 14, 2025 18:27
@rwinch
Copy link
Member

rwinch commented May 14, 2025

Thank you for the PR @jhl221123! This is now queued to be merged into main as soon as the build passes

@rwinch rwinch merged commit e30dc42 into spring-projects:main May 14, 2025
4 checks passed
@ngocnhan-tran1996 ngocnhan-tran1996 mentioned this pull request May 19, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@injae-kim injae-kim injae-kim left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@rwinch rwinch

Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

JdbcUserDetailsManager.setEnableUpdatePassword
4 participants
@jhl221123 @rwinch @injae-kim @spring-projects-issues