ClientDetailsUserDetailsService cannot anymore support empty secret

Question

ClientDetailsUserDetailsService cannot anymore support empty secret

barclay-reg opened this issue 3 years ago · comments

Robert Kleinschmager commented 3 years ago

Summary

up to verion 2.4.0, the method ClientDetailsUserDetailsService.setPasswordEncoder was called while initializing DaoAuthenticationProvider (see https://github.com/spring-projects/spring-security-oauth/blob/6234826671d75632d84c524da1dd8818cee1b4c2/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java#L139)

Actual Behavior

since 2.5.0 this is not the case anymore. Change was made with b478e80

Version

2.5.0

Joe Grandja · Answer 1 · Fri Feb 26 2021 04:08:37 GMT+0800 (China Standard Time)

@barclay-reg Can you please provide more detail as it's not clear to me if you're having a specific issue. Can you put together a test or a minimal sample that reproduces the issue.

Spring Projects Issues · Answer 2 · Fri Mar 05 2021 04:10:22 GMT+0800 (China Standard Time)

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Spring Projects Issues · Answer 3 · Fri Mar 12 2021 04:09:18 GMT+0800 (China Standard Time)

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.