Grails spring-security-core插件问题:User类中的密码不是字符串
[英]Grails spring-security-core plugin question: password in User class isn't String
问题描述
I'm working on an application which stores password as byte[] in the db. 
我正在开发将密码存储为db中的byte []的应用程序。 I can't change the db. 我无法更改数据库。 So my domain class has the following: 因此,我的域类具有以下内容:
String userId
byte[] userPasswd
I know i can customize the names of the properties in Config.groovy but what about using byte[] instead of String datatype for password property? 我知道我可以自定义Config.groovy中属性的名称,但是使用byte []代替String数据类型作为密码属性呢? In case this is not currently supported in the plugin, a work around would be highly appreciated. 如果插件当前不支持此功能,则非常感谢您解决该问题。
1 个解决方案
解决方案1
1 已采纳 2011-02-24 18:55:59
There are a few ways, but this seems the cleanest and requires no Config.groovy changes. 有几种方法,但这似乎是最干净的方法,不需要更改Config.groovy。
Change the persistent password property to another name like you did (userPasswd) but put in a getter for getPassword() that the plugin will use, and convert the byte array to a String there: 将持久性密码属性更改为另一个名称,就像您使用的一样(userPasswd),但将插件将使用的getPassword()的getter放入,然后将字节数组转换为String:
class User {
String username
byte[] userPasswd
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
static constraints = {
username blank: false, unique: true
password blank: false
}
static transients = ['password']
String getPassword() {
userPasswd ? new String(userPasswd) : null
}
Set<Role> getAuthorities() {
UserRole.findAllByUser(this).collect { it.role } as Set
}
}
Adding 'password' to the transients list is important since the real persistent field is userPasswd. 将“密码”添加到瞬态列表很重要,因为真正的持久字段是userPasswd。
This will affect how you create users, eg 这将影响您创建用户的方式,例如
def user = new User(username: 'me', enabled: true,
passwd: springSecurityService.encodePassword('password').bytes).save()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.