Implement UserDetailsPasswordService in JdbcUserDetailsManager

core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java

@@ -46,6 +46,7 @@
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsPasswordService;
 import org.springframework.security.core.userdetails.cache.NullUserCache;
 import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;
 import org.springframework.util.Assert;
@@ -63,9 +64,11 @@
  * using this implementation for managing your users.
  *
  * @author Luke Taylor
+ * @author Junhyeok Lee
  * @since 2.0
  */
-public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsManager, GroupManager {
+public class JdbcUserDetailsManager extends JdbcDaoImpl
+		implements UserDetailsManager, GroupManager, UserDetailsPasswordService {
 
 	public static final String DEF_CREATE_USER_SQL = "insert into users (username, password, enabled) values (?,?,?)";
 
@@ -162,6 +165,8 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 	private RowMapper<GrantedAuthority> grantedAuthorityMapper = this::mapToGrantedAuthority;
 
+	private boolean enableUpdatePassword = false;
+
 	public JdbcUserDetailsManager() {
 	}
 
@@ -590,6 +595,20 @@ public void setUserCache(UserCache userCache) {
 		this.userCache = userCache;
 	}
 
+	/**
+	 * Sets whether the {@link #updatePassword(UserDetails, String)} method should
+	 * actually update the password.
+	 * <p>
+	 * Defaults to {@code false} to prevent accidental password updates that might produce
+	 * passwords that are too large for the current database schema. Users must explicitly
+	 * set this to {@code true} to enable password updates.
+	 * @param enableUpdatePassword {@code true} to enable password updates, {@code false}
+	 * otherwise.
+	 */
+	public void setEnableUpdatePassword(boolean enableUpdatePassword) {
+		this.enableUpdatePassword = enableUpdatePassword;
+	}
+
 	private void validateUserDetails(UserDetails user) {
 		Assert.hasText(user.getUsername(), "Username may not be empty or null");
 		validateAuthorities(user.getAuthorities());
@@ -603,4 +622,18 @@ private void validateAuthorities(Collection<? extends GrantedAuthority> authorit
 		}
 	}
 
+	/**
+	 * Conditionally updates password based on the setting from
+	 * {@link #setEnableUpdatePassword(boolean)}. {@inheritDoc}
+	 */
+	@Override
+	public UserDetails updatePassword(UserDetails user, String newPassword) {
+		if (this.enableUpdatePassword) {
+			UserDetails updated = User.withUserDetails(user).password(newPassword).build();
+			updateUser(updated);
+			return updated;
+		}
+		return user;
+	}
+
 }

core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java

@@ -60,6 +60,7 @@
  *
  * @author Luke Taylor
  * @author dae won
+ * @author Junhyeok Lee
  */
 public class JdbcUserDetailsManagerTests {
 
@@ -405,6 +406,23 @@ public void setGrantedAuthorityMapperWithMockMapper() throws SQLException {
 		verify(mockMapper).mapRow(any(), anyInt());
 	}
 
+	@Test
+	void updatePasswordWhenDisabledReturnOriginalUser() {
+		insertJoe();
+		this.manager.updatePassword(joe, "new");
+		UserDetails newJoe = this.manager.loadUserByUsername("joe");
+		assertThat(newJoe.getPassword()).isEqualTo("password");
+	}
+
+	@Test
+	void updatePasswordWhenEnabledShouldUpdatePassword() {
+		insertJoe();
+		this.manager.setEnableUpdatePassword(true);
+		this.manager.updatePassword(joe, "new");
+		UserDetails newJoe = this.manager.loadUserByUsername("joe");
+		assertThat(newJoe.getPassword()).isEqualTo("new");
+	}
+
 	private Authentication authenticateJoe() {
 		UsernamePasswordAuthenticationToken auth = UsernamePasswordAuthenticationToken.authenticated("joe", "password",
 				joe.getAuthorities());