zdesam
Reputation: 2976
Grails Spring Security Failed Password Attempt
Is there a way to retrieve user entered password in spring security core grails plugin when the authentication fails in the action authfail of LoginController?
def authfail = {
def msg = ''
// I can get the username as below
def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
// There is UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY but the value is null when access here as below
def attemptedPassword = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY]
.
.
.
}
I need to be able to know the password entered when the authentication fails.
Upvotes: 0
Views: 427
Answers (1)
luke
Reputation: 3599
It is possible but you have to store the password in session before submitting login form. Add custom button to your login form and hide submit button:
<form action="/j_spring_security_check">
...
<button onclick="javascript:store()" type="button">Login</button>
<input class="invisible" id="loginButton" type="submit">
</form>
You need to write store() function in javascript. Here is an example how to achieve that: FIDDLE (borrowed from here). Obviously in this function you must enclose form submission (using jQuery): $('#loginButton').click()
After failed authentication you have to retrieve stored password.
Upvotes: 1
Related Questions
- grails 3 spring security - authentication does not working
- Grails Spring Security gives wrong password
- Grails 3 Spring Security Pre Authentication
- Grails and Spring security: password is invalid after some time?
- Authentication failed - Bad credentials in grails spring security
- Grails + Spring Security: unable to login
- Grails Spring Security Plugin Authentication Fails
- Spring Security Plugin Authentication Failure Issue
- grails spring security core
- Grails spring Security add authentication method