mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-31 09:12:14 +00:00
fd78d055aa
Update `DaoAuthenticationProvider` so that `userNotFoundEncodedPassword` is lazily initialized on the first call to `retrieveUser`, rather than in `doAfterPropertiesSet`. Since some `PasswordEncoder` implementations can be slow, this change can help to improve application startup times and the expense of some delay with the first login. Note that `userNotFoundEncodedPassword` creation occurs on the first user retrieval, regardless of whether the user is ultimately found. This ensures consistent processing times, regardless of the outcome. First Call: Found = encode(userNotFound) + decode(supplied) Not-Found = encode(userNotFound) + decode(userNotFound) Subsequent Call: Found = decode(supplied) Not-Found = decode(userNotFound) Fixes gh-4915