stackoom
  简体   繁体   中英

Grails, upgrading from Acegi to Spring security plugin

 原文  2011-06-01 12:57:13       security/ spring/ grails/ groovy/ spring-security

Question

Yesterday I started upgrading our Grails app from Acegi plugin 0.5.2 to the Spring security plugin. I'm running into a few issues, maybe anyone can help here?

After making the necessary changes (as documented by Burt Beckwith on Migrating from the Acegi Plugin ) I was able to start the Grails app once again (woohoo.), However. logging in didn't work anymore.

Our situation is as follows: we use our Grails application pure for its application logic. Authentication is done using a username and password through webservices. As backends we use the database of the app (dao) and a LDAP backend. For now, we've disabled LDAP, to make testing easier.

This is the code which does the authentication:

def authenticate(String username, String password) {
try {
      println "Trying authentication with user " + username + " and password " + password + "."
      def tempToken = new UsernamePasswordAuthenticationToken(username, password)
      println "Temptoken is " + tempToken
      def token = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password))
      println "Authentication token received was: " + token
    } catch (AuthenticationException authenticationException) {
        return false
    }
    return true     
}

This prints to the log:

Trying authentication with user admin and password admin.
Temptoken is org.springframework.security.providers.UsernamePasswordAuthenticationToken@1f: Principal: admin; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities

And then it all stops.

The domain classes we use are rather straightforward. We do not use a class such as the User Role for the joins between people and their authorities. Instead we use a many-to-many mapping, as this has always worked for us and is easy to maintain.

Our authority domain class:

class Authority {
static hasMany = [people: Person]

/** description */
String description
/** ROLE String */
String authority = ''

String authorityType

static constraints = {
    authority(help:'x',class:'wide',blank: false,unique:true)
    description(help:'x',class:'extrawide')
    authorityType(help:'x',class:'wide')
    people(help:'x',selectSort:'username',display:false)
}   

String toString() {
      return authority;
}   
}

And our Person domain class:

class Person  {

static hasMany = [authorities: Authority]
static belongsTo = Authority

//Authority primaryGroup

/** Username */
String username
/** User Real Name*/
String userRealName
String familyName
String givenName

/** MD5 Password */
String passwd
/** enabled */
boolean enabled

String email
boolean emailShow

/** description */
String description = ''



static constraints = {
    username(blank: false, unique: true,help:'x',class:'wide')
    userRealName(blank: false,help:'x',class:'wide')
    familyName(blank: false,help:'x',class:'wide')
    givenName(blank: false,help:'x',class:'wide')
    email(help:'x',class:'wide')
    emailShow(help:'x')
    enabled(help:'x')
    passwd(blank: false,password:true,show:false,help:'x',class:'wide')
    authorities(nullable:true,help:'x',sortable:true,selectSort:'authority')        
}

String toString() {
      return username;
  }
}

In Config.Groovy, we have defined:

security {
active = false
cacheUsers = false

grails.plugins.springsecurity.providerNames = ['daoAuthenticationProvider', 'anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider']

grails.plugins.springsecurity.userLookUp.userDomainClassName = "Person"
grails.plugins.springsecurity.authority.className = "Authority"

As far as the documentation goes, this should work by all means (and so it did for the "old" Acegi setup).

To gather some more insights I briefly activated LDAP and found the same issue. WireShark told me that no LDAP calls were made during the login process. My guess would be that either there's something wrong with the code in the Authenticate function or SpringSecurity doesn't know how to pick up our domain classes.

I'd be glad to read any insights!

1 answers

solution1
 0  2011-06-01 17:04:47

It seems that the token is not valid, so the authenticate() call fails and generates an exception (IIRC it only returns a value if the call succeed).

My first try would be to check if the database has a row for user:'admin', password:'admin' for the environment.

After some thought, I would double-check the password property in Person class. Either via mapping in the domain class, or better via

userLookup.passwordPropertyName = "passwd"

UPDATE: Third thing to check.

active = false

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Grails Acegi plugin annotations Grails acegi plugin user recommendation Security Plugin from Grails? Grails Acegi security: Problem with roles and access [Spring-Flex][ACEGI] Error or no security Does Acegi/Spring security support getUserPrincipal()? Integration testing grails spring security plugin? Grails Spring Security Plugin Password issue Script level login to Grails app using Acegi security Grails: Is the Spring Security Plugin Too Powerful for Simple Security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM