AuthenticationProviderBeanDefinitionParser does not support UserDetailsPasswordService

[hbourada]

Summary

<security:authentication-provider> XML configuration element is missing a user-details-password-service child or attribute to set a UserDetailsPasswordService property

Actual Behavior

No means to set UserDetailsPasswordService by XML configuration for <security:authentication-provider> and DaoAuthenticationProvider is missing a verification in doAfterPropertiesSet to check if userDetailsService instanceof UserDetailsPasswordService to set also userDetailsPasswordService

Expected Behavior

Add an xml child element or an attribute in <security:authentication-provider>

Configuration

<security:authentication-manager id="authenticationManager">
	<security:authentication-provider>
		<security:user-service data-source-ref="dataSource"/>
                 <security:password-encoder ref="delegatingPasswordEncoder"/>
                 <user-details-password-service ref="myUserDetailsPasswordService" />
	</security:authentication-provider>
</security:authentication-manager>

Version

spring-security-5.2.xsd

Sample

[jzheaux]

@hbourada, thanks for the suggestion. Are you able to submit a PR that adds the XML element?

DaoAuthenticationProvider is missing a verification in doAfterPropertiesSet to check if userDetailsService instanceof UserDetailsPasswordService to set also userDetailsPasswordService

I don't think this validation should be added. It's reasonable for DaoAuthenticationProvider to use have no UserDetailsPasswordService or to have one that is not the same value as the UserDetailsService.

[Rafael-Floriano]

Hello @jzheaux, I would like to work on this issue.

[thestroke82]

Hi @jzheaux I would like to contribute too