Magnolia 5.5 reached end of life on November 15, 2019. This branch is no longer supported, see End-of-life policy.

Page tree
Skip to end of metadata
Go to start of metadata

The PasswordFieldDefinition renders two text boxes for entry and verification of passwords. 

The input text is masked in the field but the value is stored as clear text in the JCR.

If you want to store hashed password values, you can:

  • Use the password field to collect the value of the password entered by user and delegate the storage of the password and hashing to an underlying user manager. The user manager may be an internal Magnolia User Manager or an external user manager. See the Security app for an example of this approach.
  • Configure BCryptTransformer on the password field by specifying a transformerClass property in the field definition: 

    transformerClass = info.magnolia.ui.form.field.transformer.basic.BCryptTransformer

(warning) If you store a hashed value, you can no longer decode it to clear text. This is suitable when you want to authenticate against the password and only compare the stored hash against the hash of the password provided when logging in.

If you want to store passwords in plain text so that they can be used to access other systems requiring authentication (where Magnolia enters passwords on behalf of users), we recommend you use the Password Manager module.


Password field properties

Simple password definition:

    - name: tabUser
      label: User
        - name: password
          class: info.magnolia.ui.form.field.definition.PasswordFieldDefinition
          label: Password 

Node name











You can use  common field properties  and the following properties in a password field definition:


<field name>


Name of field


optional, default is true

Encodes the password and visually masks the characters.


optional, default is true

Verifies that the contents of the two boxes match. When set to false the verification (second) box is not rendered.


optional, default is field.password.verificationMessage

Text displayed above the field. Displays as "Please verify your entry", retrieved from a message bundle.


optional, default is field.password.verificationErrorMessage

Text displayed when passwords don't match. Displays as "Passwords do not match", retrieved from a message bundle.


optional, default is info.magnolia.ui.form.field.transformer.basic.BasicTransformer

Property transformer class. Defines how the values are stored in the repository.

Add validators to define your own password policy such as minimum length and character types.

  • No labels