stackoom
  简体   繁体   中英

Grails Spring Security Plugin Password issue

 原文  2012-03-26 17:51:28       spring/ security/ grails/ migration/ spring-security

Question

I have successfully migrated to Spring Security plugin from acegi plugin. Creating a new user works fine. I can login.

But in the database, I have lot of users created using acegi's authenticateService.encodePassword . So I can't login using those old username and password. I guess its the MD5 or SHA1 encoding algorithm issue.

Just wanted to know, how to make it to work without resetting password. I tried setting grails.plugins.springsecurity.password.algorithm="MD5" , but no luck.

Any suggestions?

package auth 

import java.util.Set;
import auth.Role

/**
 * User domain class.
 */
class User  implements Serializable {
    static transients = ['pass','getAuthorities']
    static hasMany = [authorities: Role]
    static belongsTo = Role

    transient springSecurityService

    static mapping = {
        table 'users' // USER not a valid table name in oracle
    }

    /** Username */
    String username
    /** User Real Name*/
    String userRealName
    /** MD5 Password */
    String passwd

    String password

    /** enabled */
    boolean enabled

    String email
    boolean emailShow

    /** description */
    String description = ''

    /** plain password to create a MD5 password */
    String pass = '[secret]'

    boolean accountExpired 
    boolean accountLocked 
    boolean passwordExpired  

    String toString() {
        return userRealName
    }

    static constraints = {
        username(blank: false, unique: true)
        userRealName(blank: false)
        passwd(blank: false)
        password(blank: false)
        enabled()
        description(nullable:true)
    }

    /*Set<Role> getAuthorities() {
        Role.findAllByUser(this).collect { it.role } as Set
    }*/

    def beforeInsert() {
        encodePassword()
    }

    def beforeUpdate() {
        if (isDirty('password')) {
            encodePassword()
        }
    }

    protected void encodePassword() {
        password = springSecurityService.encodePassword(password,null)
    }


}

2 answers

solution1
 0  2012-03-26 19:39:18

try adding 

grails.plugins.springsecurity.password.algorithm='SHA-512'

in 

config.groovy

solution2
 0  2012-03-27 09:09:25

In addition to declaring the correct algorithm, you have to actually call the password encoder. In my User class I do it like this: 

class User {

    def springSecurityService
    static transients = ['springSecurityService', 'passwordConfirm']

    String password
    String passwordConfirm

    def beforeInsert() {
        encodePassword()
    }

    def beforeUpdate() {
        if (isDirty('password')) {
            encodePassword()
        }
    }

    protected void encodePassword() {            
            password = springSecurityService.encodePassword(password, null)
            passwordConfirm = springSecurityService.encodePassword(passwordConfirm, null)
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Security Core Grails Plugin Issue Grails 3 Spring Security Plugin Spring security grails plugin Grails Spring-security-ui plugin, not using password encryption Grails Spring Security plugin and dbconsole Grails and Spring Security CAS plugin grails spring security rest plugin Grails Spring Security Plugin - Where is the plugin directory? Grails spring-security-core plugin question: password in User class isn't String how to get forgot password with grails application using spring security core plugin?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM