* @param targetName
     *            SPN of the target system, optional
     * @param passwordHash
     *            The NT password hash, takes precedence over password (which is no longer required unless legacy LM
     *            authentication is needed)
     * @param password
     *            The password to use when constructing the response.
     * @param domain
     *            The domain in which the user has an account.

        }
        return redirect(getClass());
    }

    /**
     * Handles password change for the current user.
     *
     * @param form the password form containing new password and confirmation
     * @return the HTML response after password change attempt
     */
    @Execute
    public HtmlResponse changePassword(final PasswordForm form) {

                // encrypted
                try {
                    this.password = pwAuth.getAnsiHash(this.ctx, this.server.encryptionKey);
                } catch (final GeneralSecurityException e) {
                    throw new RuntimeCIFSException("Failed to encrypt password", e);
                }
                this.passwordLength = this.password.length;
            } else if (this.ctx.getConfig().isDisablePlainTextPasswords()) {

        assertTrue(testLdapManager.changePasswordCalled);
    }

    @Test
    public void test_changePassword_withNullPassword() {
        // Test password change with null password
        testLdapManager.changePasswordResult = false;
        testFessConfig.ldapAdminSyncPassword = false;

        boolean result = ldapChain.changePassword("testuser", null);

     * @param domain the domain for authentication
     * @param username the username for authentication
     * @param password the password for authentication
     */
    public JAASAuthenticator(String serviceName, String domain, String username, String password) {
        super(null, domain, username, password);
        this.serviceName = serviceName;
    }

    /**
     * Create an authenticator using the given credentials

     * @param password the password to authenticate with
     */
    public NtlmPasswordAuthentication(final CIFSContext tc, final String domain, final String username, final String password) {
        super(domain != null ? domain : tc.getConfig().getDefaultDomain(),
                username != null ? username : tc.getConfig().getDefaultUsername() != null ? tc.getConfig().getDefaultUsername() : "GUEST",

* The **input model** needs to be able to have a password.
* The **output model** should not have a password.
* The **database model** would probably need to have a hashed password.

/// danger

Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing).

///

# Простий OAuth2 з паролем і Bearer { #simple-oauth2-with-password-and-bearer }

Тепер продовжимо з попереднього розділу і додамо відсутні частини, щоб отримати повний потік безпеки.

## Отримайте `username` і `password` { #get-the-username-and-password }

Ми використаємо утиліти безпеки **FastAPI**, щоб отримати `username` і `password`.

    #   o user: (Required)
    #   o password: password plainly or path to password file (with default password)
    #       e.g. foo or df:dfprop/system-password.txt|foo
    #       (NotRequired - Default '')
    #   o isSkipIfNotFoundPasswordFileAndDefault: Does it skip the user SQL statement
    #       when using password file but not found it and also default password?
    #       (NotRequired - Default false)
    #

            if (form.crudMode.intValue() == CrudMode.CREATE || StringUtil.isNotBlank(form.password)) {
                final String encodedPassword = ComponentUtil.getComponent(FessLoginAssist.class).encryptPassword(form.password);
                entity.setOriginalPassword(form.password);
                entity.setPassword(encodedPassword);
            }