
How to get plain password or decrypt password from Spring Security in Grails?

I am using the Spring Security Plugin in a Grails application. When the password is saved, it is stored in an encrypted format in the database. I want to send it as a plain password. How do I get it?

Another Android application uses my API. From my API, I need to send a particular user's password.

If you are reading the passwords from the db: when passwords are saved to the database they are hashed, not encrypted, and the process involved in hashing is not reversible, so the simple answer is: No, you can't.


You can use encryption when saving the passwords to the database (so that you can decrypt them when you come to unusual scenarios like in your case), but it is not a good idea; that is why hashing functions are preferred to encryption algorithms for saving passwords.


But if you really require this and know how to handle the risks, you can intercept the calls to user.save(), specifically the beforeInsert() and beforeUpdate() methods, which is where the password gets encoded.

So your user's beforeInsert() and beforeUpdate() methods will look like this:

def beforeInsert() {
    ...
    // The plaintext is only available here, before it is encoded
    yourApiService.sendPassword(password)
    ...
    password = securityService.encodePassword(password)
    ...
}

def beforeUpdate() {
    ...
    // Only act when the password field has actually changed
    if (isDirty('password')) {
        yourApiService.sendPassword(password)
        ...
        password = securityService.encodePassword(password)
    }
    ...
}

My suggestion for you is to use the spring security rest plugin if you are exposing some of your APIs to external apps. To get started with spring security rest, have a look at the greach2014 talk.

If you still insist on using plain text passwords, you are not the only one to request this, but with a different intention. The only logic behind storing plain text passwords is to debug login issues in spring security. It is not meant to be used in a production application. Someone else posted a similar question to debug login issues, and Burt Beckwith (the maintainer of the spring security plugin) wrote this blog. In this blog he has explained how to store plain text passwords.
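
Why a hashed password cannot be read back, and what an API can do instead (verify the password the user submits), shown as an added example that is not part of the original answers or the plugin's code. It uses JDK PBKDF2 rather than the plugin's configured encoder; the class name `PasswordHasher`, the iteration count and the sample passwords are assumptions.

```groovy
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec
import java.security.MessageDigest
import java.security.SecureRandom

// Hypothetical helper for illustration; not the Spring Security plugin's API.
class PasswordHasher {
    static final int ITERATIONS = 210_000   // assumed work factor for this sketch
    static final int KEY_BITS = 256

    // One-way derivation: salted PBKDF2-HMAC-SHA256. There is no inverse operation.
    static byte[] derive(char[] password, byte[] salt, int iterations) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS)
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance('PBKDF2WithHmacSHA256')
            return factory.generateSecret(spec).getEncoded()
        } finally {
            spec.clearPassword()
        }
    }

    // What goes in the database: "iterations:salt:hash". The plaintext is never stored.
    static String encode(String password) {
        byte[] salt = new byte[16]
        new SecureRandom().nextBytes(salt)
        byte[] hash = derive(password.toCharArray(), salt, ITERATIONS)
        Base64.Encoder b64 = Base64.getEncoder()
        return ITERATIONS + ':' + b64.encodeToString(salt) + ':' + b64.encodeToString(hash)
    }

    // Login check: re-derive from the submitted password, compare in constant time.
    static boolean matches(String candidate, String stored) {
        String[] parts = stored.split(':')
        if (parts.length != 3) return false
        int iterations = Integer.parseInt(parts[0])
        byte[] salt = Base64.getDecoder().decode(parts[1])
        byte[] expected = Base64.getDecoder().decode(parts[2])
        byte[] actual = derive(candidate.toCharArray(), salt, iterations)
        return MessageDigest.isEqual(expected, actual)
    }
}

// Constructed sample values
String stored = PasswordHasher.encode('correct horse battery staple')
assert PasswordHasher.matches('correct horse battery staple', stored)
assert !PasswordHasher.matches('wrong guess', stored)
// A fresh salt per call means the same password never produces the same record twice
assert PasswordHasher.encode('correct horse battery staple') != stored
```

The stored record is enough to answer "is this the right password?" but not "what is the password?", which is why the client app should send the user's credentials for verification rather than receive them.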
