`User.password` cannot be null
opened this issue · comments
Hi guys,
First of all, I would like to thank you for such an awesome project. It helps me a lot.
Today I faced with a strange logic, so I would like to ask for some help with that.
I extend org.springframework.social.security.SocialUser class to get representation of an authorized user. I use it with form-based auth and with social auth too. The problem is in password field. When I authorize user through Facebook, for example, I do not have it's password to populate the field. So, I pass null to the constructor of SocialUser and get java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor. The exception comes from User:
...
if (((username == null) || "".equals(username)) || (password == null)) {
throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
}
...As a workaround, I pass an empty string as password, and it works pretty well, but such approach don't seems to be good. 😄
Maybe it worth to make password nullable?
Thanks.
I understand your issue, but as you pointed out, the enforcement of a non-null password comes from User, which is a class from Spring Security and any relaxation of that rule should come in Spring Security changes. The best that Spring Social can do is to pass in an empty string on your behalf, but that would just be shifting the workaround from your code to Spring Social's code. I suggest you open an issue with the Spring Security project, referencing this issue and Spring Social's SocialUser type.
Since this can't be addressed properly in the context of Spring Social, I am closing this issue.