PasswordVerificationService#
com.palmyralabs.palmyra.ext.usermgmt.service.PasswordVerificationService
Overview#
Narrow “verify only” SPI. Useful when a component needs to check a credential but shouldn’t pull in the full reset / change / force-change surface of PasswordMgmtService.
PasswordMgmtService and PasswordVerificationService are independent interfaces — neither extends the other — but the common implementation class typically implements both. Depend on whichever is closer to what you actually need.
Methods#
| Method | Signature |
|---|---|
verifyPassword |
boolean verifyPassword(String loginName, String password) throws Exception |
Example#
@RestController
@RequiredArgsConstructor
public class SensitiveActionController {
private final PasswordVerificationService passwords;
@PostMapping("/account/delete")
public ResponseEntity<?> deleteAccount(Principal who, @RequestBody ConfirmReq req) throws Exception {
if (!passwords.verifyPassword(who.getName(), req.password())) {
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
}
accountService.delete(who.getName());
return ResponseEntity.noContent().build();
}
}