Grails Spring安全性插件密码问题

Question

I have successfully migrated to Spring Security plugin from acegi plugin. 我已经从acegi插件成功迁移到了Spring Security插件。 Creating a new user works fine. 创建一个新用户可以正常工作。 I can login. 我可以登录。

But in the database, I have lot of users created using acegi's authenticateService.encodePassword . 但是在数据库中，我有很多使用acegi的authenticateService.encodePassword创建的authenticateService.encodePassword 。 So I can't login using those old username and password. 因此，我无法使用那些旧的用户名和密码登录。 I guess its the MD5 or SHA1 encoding algorithm issue. 我想这是MD5或SHA1编码算法的问题。

Just wanted to know, how to make it to work without resetting password. 只是想知道，如何在不重置密码的情况下使其正常工作。 I tried setting grails.plugins.springsecurity.password.algorithm="MD5" , but no luck. 我尝试设置grails.plugins.springsecurity.password.algorithm="MD5" ，但是没有运气。

Any suggestions? 有什么建议么？

package auth 包认证

import java.util.Set;
import auth.Role

/**
 * User domain class.
 */
class User  implements Serializable {
    static transients = ['pass','getAuthorities']
    static hasMany = [authorities: Role]
    static belongsTo = Role

    transient springSecurityService

    static mapping = {
        table 'users' // USER not a valid table name in oracle
    }

    /** Username */
    String username
    /** User Real Name*/
    String userRealName
    /** MD5 Password */
    String passwd

    String password

    /** enabled */
    boolean enabled

    String email
    boolean emailShow

    /** description */
    String description = ''

    /** plain password to create a MD5 password */
    String pass = '[secret]'

    boolean accountExpired 
    boolean accountLocked 
    boolean passwordExpired  

    String toString() {
        return userRealName
    }

    static constraints = {
        username(blank: false, unique: true)
        userRealName(blank: false)
        passwd(blank: false)
        password(blank: false)
        enabled()
        description(nullable:true)
    }

    /*Set<Role> getAuthorities() {
        Role.findAllByUser(this).collect { it.role } as Set
    }*/

    def beforeInsert() {
        encodePassword()
    }

    def beforeUpdate() {
        if (isDirty('password')) {
            encodePassword()
        }
    }

    protected void encodePassword() {
        password = springSecurityService.encodePassword(password,null)
    }


}

Answer 1

try adding 尝试添加

grails.plugins.springsecurity.password.algorithm='SHA-512'

in 在

config.groovy

Answer 2

In addition to declaring the correct algorithm, you have to actually call the password encoder. 除了声明正确的算法之外，您还必须实际调用密码编码器。 In my User class I do it like this: 在我的User类中，它是这样的：

class User {

    def springSecurityService
    static transients = ['springSecurityService', 'passwordConfirm']

    String password
    String passwordConfirm

    def beforeInsert() {
        encodePassword()
    }

    def beforeUpdate() {
        if (isDirty('password')) {
            encodePassword()
        }
    }

    protected void encodePassword() {            
            password = springSecurityService.encodePassword(password, null)
            passwordConfirm = springSecurityService.encodePassword(passwordConfirm, null)
    }
}

Grails Spring安全性插件密码问题

问题描述

2 个解决方案

解决方案1
0 2012-03-26 19:39:18

解决方案2
0 2012-03-27 09:09:25

Grails Spring安全性插件密码问题

问题描述

2 个解决方案

解决方案1 0 2012-03-26 19:39:18

解决方案2 0 2012-03-27 09:09:25

解决方案1
0 2012-03-26 19:39:18

解决方案2
0 2012-03-27 09:09:25