SEC-1331: Allow omission of password field in user-service users #1579

spring-issuemaster opened this Issue Dec 16, 2009 · 2 comments

2 participants


Luke Taylor (Migrated from SEC-1331) said:

For such users, the namespace would generate a random password value, preventing authentication as those users. This makes sense in situations where the service is only used to load supplementary post-authentication data (user authorities). Typically this is the case with CAS, OpenID, Pre-Authentication.


Luke Taylor said:

Updated schema and parser to allow empty password, generating a random one internally. Modified OpenID sample to use the alternative syntax.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 milestone Feb 5, 2016
Spring member

This issue supersedes #1576

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment