spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard
verified publisher icon spring-projects

Gh 7750 implement jdbcuserpassworddetailsmanager

Open geirhe opened this issue 2 years ago • 3 comments

Related to gh-7550.

This is an implementation of a UserDetailsManager that will keep passwords updated.

@jzheaux I have tried to add support for configuring this stuff both in code and xml. I have decided to stop because I would like some feedback before I dig the hole deeper:

  • do you prefer the query properties to be called Sql or Query? The code seems to be in two minds about this, so I temporarily added both. I found it hard to achieve consistent naming.
  • have I missed any bits that integrates with JdbcUserDetailsManager? I don't know the code base all that well yet. Guidance will be appreciated.
  • Where can I found the documentation site code? There is some SQL there I need to tweak.
  • How do you approach migration instructions? I didn't find any documentation for how to do that.
  • HttpSecurityConfiguration.jdbcAuthenticationWithPasswordManagement is mis-named. Should match the XML config, I guess. I'll sort it.
  • I don't know how you version XSD schemas. I need some new bits. Was I correct in just making a new version?
  • Does my code follow your coding guidelines? There are usually a bucketful of ceremonies, and where I live these are all automated. I don't know if my assumptions are correct here. Trying to do right, but I am aware that I am writing code for an unknown team culture.

I think this PR is getting bigger than I would like, so if I could get feedback on the direction I'll probably lob the documentation changes into a separate one.

It is probably easier to follow the PR by looking at a commit at a time. Sorry about that.

geirhe avatar Nov 15 '23 19:11 geirhe

Thanks for your thorough approach, @geirhe! You are right that it's a large PR. We'll just take it one step at a time. Some of my inline feedback hopefully makes the changeset smaller.

Thank you @jzheaux .

It has been very busy at work, but I'll try to deal with this PR the next weeks.

geirhe avatar Dec 14 '23 19:12 geirhe

I think I have handled all your comments now, and updated the docs.

I have two remaining tasks outside of this pr noted:

  • update the jdbc example to ansi sql. Is it important that the username and password fields are case insensitive?
  • add postgres example schema to the documentation (basically using a text data type instead of varchar. data types are the same)

I'll rebase and mark the review as ready now. This caused some formatting issues that spread into files I have not touched otherwise. I decided to include the changes here in order to get the build to pass.

geirhe avatar Jan 20 '24 09:01 geirhe

@jzheaux Not much is happening here, and I suppose that is either because you have decided to not apply this PR, because the PR got lost in the stack, or because you are horribly busy. I am assuming the middle situation with a side order of the latter since that is what I can relate to the most, so I am subtly poking your inbox. Please don't take this as nagging.

geirhe avatar Feb 18 '24 14:02 geirhe

@jzheaux Seems you have ghosted me, so I am closing this PR.

Bad form...

geirhe avatar Jun 02 '24 15:06 geirhe