I have successfully migrated to Spring Security plugin from acegi plugin. Creating a new user works fine. I can login.
But in the database, I have lot of users created using acegi's authenticateService.encodePassword
. So I can't login using those old username and password. I guess its the MD5 or SHA1 encoding algorithm issue.
Just wanted to know, how to make it to work without resetting password. I tried setting grails.plugins.springsecurity.password.algorithm="MD5"
, but no luck.
Any suggestions?
package auth
import java.util.Set;
import auth.Role
/**
* User domain class.
*/
class User implements Serializable {
static transients = ['pass','getAuthorities']
static hasMany = [authorities: Role]
static belongsTo = Role
transient springSecurityService
static mapping = {
table 'users' // USER not a valid table name in oracle
}
/** Username */
String username
/** User Real Name*/
String userRealName
/** MD5 Password */
String passwd
String password
/** enabled */
boolean enabled
String email
boolean emailShow
/** description */
String description = ''
/** plain password to create a MD5 password */
String pass = '[secret]'
boolean accountExpired
boolean accountLocked
boolean passwordExpired
String toString() {
return userRealName
}
static constraints = {
username(blank: false, unique: true)
userRealName(blank: false)
passwd(blank: false)
password(blank: false)
enabled()
description(nullable:true)
}
/*Set<Role> getAuthorities() {
Role.findAllByUser(this).collect { it.role } as Set
}*/
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password,null)
}
}
try adding
grails.plugins.springsecurity.password.algorithm='SHA-512'
in
config.groovy
In addition to declaring the correct algorithm, you have to actually call the password encoder. In my User
class I do it like this:
class User {
def springSecurityService
static transients = ['springSecurityService', 'passwordConfirm']
String password
String passwordConfirm
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password, null)
passwordConfirm = springSecurityService.encodePassword(passwordConfirm, null)
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.