blackuprise

Reputation: 450

Updating spring security user's password field?

I have a problem updating the password field for the User class. I'm using the Spring Security plugin in Grails and saw that it should be done like this, but it is not working...

user.password = springSecurityService.encodePassword(
                params.password, userInstance.username)

I also tried:

user.password = springSecurityService.encodePassword(
                params.password)

Any ideas?

Upvotes: 2

Views: 2422

Answers (2)

Burt Beckwith

Reputation: 75671

If you're using a newer version of the plugin (1.2.7 or higher) then you don't want to encode the password explicitly like you're doing, since the generated code in the User class does it for you. Only call springSecurityService.encodePassword if your domain class doesn't, otherwise you'll double-encode and not be able to log in.

If you do encode the password yourself, the first version you've shown is using the username as the salt, and the second has no salt. Salting passwords is a good idea but not required - you can read about it in the documentation, section 12.2 - http://grails-plugins.github.com/grails-spring-security-core/docs/manual/

Upvotes: 2
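The double-encoding failure described in the answer above, as an added stand-alone Groovy script (not code from the original posts or from the plugin). `StubSecurityService`, `save()` and `loginOk` are hypothetical stand-ins, and the unsalted SHA-256 login comparison is an assumption made for the illustration.

```groovy
import java.security.MessageDigest

// Hypothetical stand-in for springSecurityService (not the plugin's code):
// hex SHA-256 of the password, or of "password{salt}" when a salt is passed.
class StubSecurityService {
    String encodePassword(String password, salt = null) {
        String input = salt != null ? password + '{' + salt + '}' : password
        MessageDigest.getInstance('SHA-256').digest(input.getBytes('UTF-8')).encodeHex().toString()
    }
}

// Model of a domain class that encodes its own password when it is saved,
// which is what the answer says the generated User class does.
class User {
    def springSecurityService
    String username
    String password
    private String persisted            // value written by the last save

    void save() {                       // plays the role of the GORM save hooks
        if (password != persisted) {    // password changed since the last save
            password = springSecurityService.encodePassword(password)
            persisted = password
        }
    }
}

// Assumed login check: encode the attempt without a salt and compare.
boolean loginOk(User u, String attempt) {
    u.password == u.springSecurityService.encodePassword(attempt)
}

def service = new StubSecurityService()
def user = new User(springSecurityService: service, username: 'alice', password: 'old-pass')
user.save()
assert loginOk(user, 'old-pass')

// First snippet from the question: encode with the username as salt, then save.
user.password = service.encodePassword('new-pass', user.username)
user.save()                             // the domain class encodes a second time
assert !loginOk(user, 'new-pass')

// Second snippet: no salt, but the value is still encoded twice.
user.password = service.encodePassword('new-pass')
user.save()
assert !loginOk(user, 'new-pass')

// When the domain class encodes for you, assign the cleartext and save.
user.password = 'new-pass'
user.save()
assert loginOk(user, 'new-pass')
```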

chrislovecnm

Reputation: 2621

You might want to take a look at how the author of the Grails Spring Security plugin is doing it in his UI plugin:

https://github.com/grails-plugins/grails-spring-security-ui/blob/master/grails-app/controllers/grails/plugins/springsecurity/ui/UserController.groovy

Upvotes: 0
