1

I have a spring web application that uses spring security, I know that the normal thing is to ask users to supply their username AND PASSWORD to login but I want users to supply only their username with NO PASSWORD to login. I want to know whether spring security has a specification that does this fluently or do I have to maneuver it by specifying a password field in the html form and populate the field with password value then make the field to be a hidden field. So that the user will not see the password field, so that when he enters his username and clicks submit the system will submit both values and log him in. Any better quick fix is also welcome. my idea...

<input type="text" name="username" required="required"/>
<input type="hidden" name="password" value="passwordValue"/>
Adindu Stevens
  • 2,947
  • 3
  • 14
  • 20

1 Answers1

3

When I was looking for, I didn't find a beautiful solution, so, I did something similar as you said. In my case, I did this:

@Bean
public PasswordEncoder passwordEncoder() {
    return NoOpPasswordEncoder.getInstance();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(service).passwordEncoder(passwordEncoder());

}

... and when I called the URL to authenticate, I pass password empty.

Cristiano Bombazar
  • 984
  • 2
  • 7
  • 15
  • 1
    Your Answer seem very nice, but i'm using XML configuration. Can you help me to translate it? – Adindu Stevens Nov 05 '18 at 16:47
  • I've never set up with XML, sorry fellow. But, see one of those answer in this link https://stackoverflow.com/questions/17444258/how-to-use-new-passwordencoder-from-spring-security . – Cristiano Bombazar Nov 05 '18 at 16:54
  • @AdinduStevens The second one, he teaches how to set up in the XML. Change BCryptPasswordEncoder to NoPasswordEncoder, and, should work fine. – Cristiano Bombazar Nov 05 '18 at 16:55
  • @Cristiano Bombazar you confuse between NoPasswordEncoder and NO PASSWORD. NoPasswordEncoder will no encode but still must to set password when login – Dung Phan Nov 06 '18 at 04:11
  • @thanhdung0312 I don't confuse, but, in our scenario, this is a way to do this. When I used BCryptEncoder with an empty password, didn't work. I had to change to NoPasswordEncoder. Because of that, a similar case, I posted this "answer". I think this is not the best way, but, I could not do it in a better way. – Cristiano Bombazar Nov 06 '18 at 10:13