spring-projects · jzheaux · Mar 4, 2026 · Feb 23, 2026
diff --git a/.../main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/.../main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.authentication.dao;
 
+import java.util.Objects;
 import java.util.function.Supplier;
 
 import org.jspecify.annotations.Nullable;
@@ -43,6 +44,7 @@
  *
  * @author Ben Alex
  * @author Rob Winch
+ * @author Andrey Litvitski
  */
 public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
 
@@ -131,7 +133,8 @@ protected Authentication createSuccessAuthentication(Object principal, Authentic
 			throw new CompromisedPasswordException("The provided password is compromised, please change your password");
 		}
 		String existingEncodedPassword = user.getPassword();
-		boolean upgradeEncoding = existingEncodedPassword != null && this.userDetailsPasswordService != null
+		boolean upgradeEncoding = existingEncodedPassword != null
+				&& !Objects.equals(this.userDetailsPasswordService, UserDetailsPasswordService.NOOP)
 				&& this.passwordEncoder.get().upgradeEncoding(existingEncodedPassword);
 		if (upgradeEncoding) {
 			String newPassword = this.passwordEncoder.get().encode(presentedPassword);