Reputation: 2019
grails spring security is not working properly
I have installed spring-security-core plugin for my project for login security.After installing it everything works fine such as if account_locked= true it shows the message that account locked, if enabled=false it shows that account is not enabled . But when everything is right then it shows "Sorry, we were not able to find a user with that username and password". Although I have this username and password. Can anyone please help me on this please?
here is my create action >>>
def createUser = {
def user = new User()
user.properties = params
println(user.username)
def password = user.password
def salt = user.username //depends on what you're using as a salt
user.password = springSecurityService.encodePassword(password, salt)
user.save()
}
Upvotes: 0
Views: 182
Answers (1)
Reputation: 35951
To insert user object, you need to encrypt password field, like:
def springSecurityService
def someAction() {
def user = ...
def password = ...
def salt = user.username //depends on what you're using as a salt
user.password = springSecurityService.encodePassword(password, salt)
user.save()
}
See plugin docs: http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/12%20Password%20and%20Account%20Protection.html
Salt is used to defeat pre-computed rainbow table attacks that could otherwise be used to greatly improve the efficiency of cracking the hashed password database. See http://en.wikipedia.org/wiki/Salt_(cryptography)
Upvotes: 1
Related Questions
- grails 3 spring security - authentication does not working
- Error using grails security plugin
- Spring Security Plugin Issue in Grails 2.4.4
- Grails Spring Security @Secured not working
- grails spring security login is not working
- Problems setting up Spring Security in Grails
- Grails + Spring Security: unable to login
- Grails Spring Security Plugin Authentication Fails
- Grails Security Plugin
- Spring Security Core Grails Plugin Issue