diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java index 6380bdd706..55e65ea145 100644 --- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java @@ -51,6 +51,7 @@ import org.springframework.util.Assert; * system isn't required. * * @author Luke Taylor + * @author Andrey Litvitski * @since 3.1 */ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetailsPasswordService { @@ -130,7 +131,7 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai } @Override - public void changePassword(String oldPassword, String newPassword) { + public void changePassword(@Nullable String oldPassword, @Nullable String newPassword) { Authentication currentUser = this.securityContextHolderStrategy.getContext().getAuthentication(); if (currentUser == null) { // This would indicate bad coding somewhere diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java index a0d60b6d01..14f4000732 100644 --- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java @@ -69,6 +69,7 @@ import org.springframework.util.Assert; * * @author Luke Taylor * @author Junhyeok Lee + * @author Andrey Litvitski * @since 2.0 */ public class JdbcUserDetailsManager extends JdbcDaoImpl @@ -310,7 +311,8 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl } @Override - public void changePassword(String oldPassword, String newPassword) throws AuthenticationException { + public void changePassword(@Nullable String oldPassword, @Nullable String newPassword) + throws AuthenticationException { Authentication currentUser = this.securityContextHolderStrategy.getContext().getAuthentication(); if (currentUser == null) { // This would indicate bad coding somewhere @@ -337,7 +339,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl this.userCache.removeUserFromCache(username); } - protected Authentication createNewAuthentication(Authentication currentAuth, String newPassword) { + protected Authentication createNewAuthentication(Authentication currentAuth, @Nullable String newPassword) { UserDetails user = loadUserByUsername(currentAuth.getName()); UsernamePasswordAuthenticationToken newAuthentication = UsernamePasswordAuthenticationToken.authenticated(user, null, user.getAuthorities()); diff --git a/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java index c9f5e9a1df..33e444e69c 100644 --- a/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java @@ -16,6 +16,8 @@ package org.springframework.security.provisioning; +import org.jspecify.annotations.Nullable; + import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; @@ -49,7 +51,7 @@ public interface UserDetailsManager extends UserDetailsService { * @param oldPassword current password (for re-authentication if required) * @param newPassword the password to change to */ - void changePassword(String oldPassword, String newPassword); + void changePassword(@Nullable String oldPassword, @Nullable String newPassword); /** * Check if a user with the supplied login name exists in the system.