Commit bd88f37

Document PasswordManagementConfigurer
Issue gh-8657
1 parent d121ab9 commit bd88f37

File tree

1 file changed

+68
-0
lines changed


docs/manual/src/docs/asciidoc/_includes/about/authentication/password-storage.adoc

+68
@@ -489,3 +489,71 @@ fun passwordEncoder(): PasswordEncoder {
489489
====
490490
XML Configuration requires the `NoOpPasswordEncoder` bean name to be `passwordEncoder`.
491491
====
492+
493+
[[authentication-change-password-configuration]]
494+
== Change Password Configuration
495+
496+
Most applications that allow a user to specify a password also require a feature for updating that password.
497+
498+
https://w3c.github.io/webappsec-change-password-url/[A Well-Know URL for Changing Passwords] indicates a mechanism by which password managers can discover the password update endpoint for a given application.
499+
500+
You can configure Spring Security to provide this discovery endpoint.
501+
For example, if the change password endpoint in your application is `/change-password`, then you can configure Spring Security like so:
502+
503+
.Default Change Password Endpoint
504+
====
505+
.Java
506+
[source,java,role="primary"]
507+
----
508+
http
509+
.passwordManagement(Customizer.withDefaults())
510+
----
511+
512+
.XML
513+
[source,xml,role="secondary"]
514+
----
515+
<sec:password-management/>
516+
----
517+
518+
.Kotlin
519+
[source,kotlin,role="secondary"]
520+
----
521+
http {
522+
passwordManagement { }
523+
}
524+
----
525+
====
526+
527+
Then, when a password manager navigates to `/.well-known/change-password` then Spring Security will redirect your endpoint, `/change-password`.
528+
529+
Or, if your endpoint is something other than `/change-password`, you can also specify that like so:
530+
531+
.Change Password Endpoint
532+
====
533+
.Java
534+
[source,java,role="primary"]
535+
----
536+
http
537+
.passwordManagement((management) -> management
538+
.changePasswordPage("/update-password")
539+
)
540+
----
541+
542+
.XML
543+
[source,xml,role="secondary"]
544+
----
545+
<sec:password-management change-password-page="/update-password"/>
546+
----
547+
548+
.Kotlin
549+
[source,kotlin,role="secondary"]
550+
----
551+
http {
552+
passwordManagement {
553+
changePasswordPage = "/update-password"
554+
}
555+
}
556+
----
557+
====
558+
559+
With the above configuration, when a password manager navigates to `/.well-known/change-password`, then Spring Security will redirect to `/update-password`.
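Review bot: the spec title in the link on the line `https://w3c.github.io/webappsec-change-password-url/[A Well-Know URL for Changing Passwords]` is missing a letter; the W3C document this links to is titled "A Well-Known URL for Changing Passwords", so the link text should read `[A Well-Known URL for Changing Passwords]`. In the same hunk, the sentence after the first example, "Then, when a password manager navigates to `/.well-known/change-password` then Spring Security will redirect your endpoint, `/change-password`.", repeats "then" and reads as if the endpoint itself is redirected rather than the request; suggest "Then, when a password manager navigates to `/.well-known/change-password`, Spring Security will redirect to your endpoint, `/change-password`.", which also matches the wording used for the custom-endpoint case at the end of the hunk ("Spring Security will redirect to `/update-password`").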
