From 2e64012ba088517d33ec744c8b6d94c096150f4d Mon Sep 17 00:00:00 2001 From: DingHao Date: Sun, 17 Mar 2024 14:32:28 +0800 Subject: [PATCH] inject PasswordEncoder into DaoAuthenticationProvider constructor Closes gh-14691 --- .../InitializeUserDetailsBeanManagerConfigurer.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java index bf46c1acf60..814c1127f80 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -67,11 +67,14 @@ public void configure(AuthenticationManagerBuilder auth) throws Exception { PasswordEncoder passwordEncoder = getBeanOrNull(PasswordEncoder.class); UserDetailsPasswordService passwordManager = getBeanOrNull(UserDetailsPasswordService.class); CompromisedPasswordChecker passwordChecker = getBeanOrNull(CompromisedPasswordChecker.class); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); - provider.setUserDetailsService(userDetailsService); + DaoAuthenticationProvider provider; if (passwordEncoder != null) { - provider.setPasswordEncoder(passwordEncoder); + provider = new DaoAuthenticationProvider(passwordEncoder); + } + else { + provider = new DaoAuthenticationProvider(); } + provider.setUserDetailsService(userDetailsService); if (passwordManager != null) { provider.setUserDetailsPasswordService(passwordManager); }