Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

Closed
michaelisvy opened this issue Apr 10, 2024 · 1 comment · Fixed by #14951 · May be fixed by #14968
Closed

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

michaelisvy opened this issue Apr 10, 2024 · 1 comment · Fixed by #14951 · May be fixed by #14968
Assignees
@jzheaux
Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Milestone
5.8.13

Comments

@michaelisvy
Copy link

Expected Behavior

For my testing environment, I have specified a user in memory as shown below. Per the documentation, it is not expected to work because there is no password encoding and I did not specify the prefix {noop} in my password.

@Bean
 public InMemoryUserDetailsManager userDetailsService() {
     UserDetails user1 = User.builder()
             .username("user")
             .password("password")
             .roles("USER")
             .build();
     return new InMemoryUserDetailsManager(user1);
 }

It would be great to have an error message such as:

You have entered a password with no PasswordEncoder. If that is your intent, it should be prefixed with `{noop}`

Current Behavior

We currently have this error message:

java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
	at org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPasswordEncoder.java:289) ~[spring-security-crypto-6.2.3.jar:6.2.3]

To be honest, it took me a while to figure out what was happening and I'm sure it would help other users if the message could be more specific.

Context

  • Spring Boot 3.2.4
  • Spring Security 6.2.3

Thanks a lot for the great work!
@michaelisvy michaelisvy added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Apr 10, 2024
@bottlerocketjonny
Copy link

Hi! Could I work on this issue please? I'm looking for my first contribution and this seems like it could be good to start with. Thanks 😀

abimael-turing pushed a commit to abimael-turing/spring-security that referenced this issue Apr 24, 2024
@abimaelrsergio
closes spring-projectsgh-14880
6ca0162
@abimael-turing abimael-turing mentioned this issue Apr 24, 2024
Merged
abimael-turing pushed a commit to abimael-turing/spring-security that referenced this issue Apr 25, 2024
@abimaelrsergio
Improve PasswordEncoder Error Messaging
a0e5af3 
Closes spring-projectsgh-14880
@bottlerocketjonny bottlerocketjonny mentioned this issue Apr 26, 2024
Open
jzheaux pushed a commit to abimael-turing/spring-security that referenced this issue Apr 26, 2024
@abimaelrsergio @jzheaux
Improve PasswordEncoder Error Messaging
6f1e1d4 
Closes spring-projectsgh-14880
@jzheaux jzheaux mentioned this issue Apr 26, 2024
Closed
@jzheaux jzheaux added in: core An issue in spring-security-core and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 26, 2024
@jzheaux jzheaux self-assigned this Apr 26, 2024
@jzheaux jzheaux added this to the 5.8.13 milestone Apr 26, 2024
jzheaux added a commit that referenced this issue Apr 26, 2024
@jzheaux
Fix Import Error
e5ee45d 
Issue gh-14880
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
None yet
Milestone
5.8.13
3 participants
@michaelisvy @jzheaux @bottlerocketjonny