Support A Well-Known URL for Changing Passwords #8688
Conversation
spring-projects-issues
added
the
status: waiting-for-triage
evgeniycheban
force-pushed
the
gh-8657
branch
2 times, most recently
from
d913059
to
2933f45
Compare
evgeniycheban
force-pushed
the
gh-8657
branch
2 times, most recently
from
d95c351
to
4d7a1b6
Compare
jzheaux
added
in: web
There was a problem hiding this comment.
Thanks, @evgeniycheban! A special thanks for thinking about board support for the feature.
I'd like to focus on the Servlet DSL first, so I've only got the one comment thus far. Once we are aligned on that, I think the others will follow.
Also, with features like these, it's nice to have a sample to play with -- would you be able to add a minimal Spring Security sample application as part of the PR? It would go into /samples/boot/. The change password page could be an MVC endpoint that returns a message like "Change Password Page".
.../src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
Outdated
Show resolved
Hide resolved
evgeniycheban
force-pushed
the
gh-8657
branch
2 times, most recently
from
361d5ed
to
430cf01
Compare
There was a problem hiding this comment.
Thanks, @evgeniycheban! I've some additional feedback inline.
.../main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
Outdated
Show resolved
Hide resolved
...n/java/org/springframework/security/web/wellknown/WellKnownChangePasswordRedirectFilter.java
Outdated
Show resolved
Hide resolved
...n/java/org/springframework/security/web/wellknown/WellKnownChangePasswordRedirectFilter.java
Outdated
Show resolved
Hide resolved
...n/java/org/springframework/security/web/wellknown/WellKnownChangePasswordRedirectFilter.java
Outdated
Show resolved
Hide resolved
web/src/main/java/org/springframework/security/web/wellknown/package-info.java
Outdated
Show resolved
Hide resolved
evgeniycheban
force-pushed
the
gh-8657
branch
2 times, most recently
from
19daf8b
to
255e41a
Compare
evgeniycheban
force-pushed
the
gh-8657
branch
2 times, most recently
from
91d4bf2
to
74a02c2
Compare
|
@jzheaux Did you see the latest changes? |
There was a problem hiding this comment.
Thanks for your patience, @evgeniycheban - I've left one additional piece of feedback inline.
...in/java/org/springframework/security/web/password/WellKnownChangePasswordRedirectFilter.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
@evgeniycheban I've left just one more feedback comment. I believe we're ready to go after that.
.../src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
Outdated
Show resolved
Hide resolved
|
@evgeniycheban, thanks again for the PR. Fyrd/caniuse#5485 does a good job of summarizing where adoption of this spec is at currently. At the time of my post here, it shows that browser support is still in the early stages It would be nice to have a little more adoption before committing to supporting it. Even nicer would be to see the specification finalized. Also, once multiple browsers are using it in their password management tools, then it will be much easier to confirm that the feature works with those browsers. It's also quite simple for an app to do this themselves while they wait for this to be merged. So, I'd say let's wait on merging until the spec has matured. It'll be much easier to make changes to the PR than an already-GA'd feature. |
|
This appears to have recently been implemented by Chrome in https://bugs.chromium.org/p/chromium/issues/detail?id=927473. Once that makes it out to Chrome's stable channel, the PR can be tested against more than one browser to confirm the feature works as expected. |
evgeniycheban
force-pushed
the
gh-8657
branch
3 times, most recently
from
8c4d8bc
to
c9a3602
Compare
|
@jzheaux I tested this feature in Chrome 91, it works as expected. |
evgeniycheban
force-pushed
the
gh-8657
branch
5 times, most recently
from
41cb208
to
5030fb2
Compare
Closes gh-8657