ludo_rj

Reputation: 3934

Grails Spring Security authentication from a service

Since I've been using a dedicated service in my Grails app to make authentication work with a Vaadin UI, I'm having a problem validating the login:

1) A new user is created in bootstrap and recorded to the DB (Postgres)

User.withTransaction {
   User test = new User(
      username: "test",
      password: springSecurityService.encodePassword("password"),
      enabled: true,
      accountExpired: false,
      accountLocked: false,
      passwordExpired: false
   ).save()

   Role dashManager = new Role(authority: "ROLE_USER").save()

   new UserRole(user: test, role: dashManager).save()
}

2) The Vaadin UI calls the Grails service normally

boolean login(String username, String password) {
   try {
      println username + "----" + password
      security.signIn(username, password)
      return true
   } catch (SecurityServiceException e) {
      Notification.show("Login/Password incorrect", Notification.TYPE_ERROR_MESSAGE);
      return false
   }
}

3) My securityService always returns invalid

import grails.transaction.Transactional
import org.springframework.security.core.context.SecurityContextHolder as SCH
import org.springframework.security.authentication.BadCredentialsException
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken

@Transactional
class SecurityService {

    def springSecurityService
    def authenticationManager

    void signIn(String username, String password) {
        try {
            def authentication = new UsernamePasswordAuthenticationToken(username, password)
            SCH.context.authentication = authenticationManager.authenticate(authentication)
        } catch (BadCredentialsException e) {
            throw new SecurityException("Invalid username/password")
        }
    }

    void signOut() {
        SCH.context.authentication = null
    }

    boolean isSignedIn() {
        return springSecurityService.isLoggedIn()
    }
}

Upvotes: 2

Views: 2770

Answers (2)

Fabiano Taioli

Reputation: 5540

Use the springSecurityService to authenticate

void signIn(String username, String password) {
    try {
        springSecurityService.reauthenticate(username, password)
    } catch (BadCredentialsException e) {
        throw new SecurityException("Invalid username/password")
    }
}

Upvotes: 0

Burt Beckwith

Reputation: 75671

You're probably double-encoding the password. Recent versions of the plugin generate a user/person domain class that encodes the password for you, so you don't need to call springSecurityService.encodePassword("password"), and if you do then it's encoded twice. This should work:

User test = new User(
   username: "test",
   password: "password",
   enabled: true
).save()

I omitted setting accountExpired, accountLocked, and passwordExpired to false since those are the default values.

Upvotes: 3
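
The double-encoding failure described in the answer above, as an added Groovy sketch that is not part of the original posts or the plugin's code. DemoEncoder and DemoUser are hypothetical stand-ins (salted PBKDF2 in place of the plugin's configured encoder, save() in place of the generated domain class's encode-on-save behaviour) so the script runs without Grails.

```groovy
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec
import java.security.MessageDigest
import java.security.SecureRandom

// Hypothetical stand-in for the plugin's password encoder (assumption:
// salted PBKDF2; the real plugin uses whatever encoder is configured).
class DemoEncoder {
    static String encode(String raw, byte[] salt = null) {
        if (salt == null) {
            salt = new byte[16]
            new SecureRandom().nextBytes(salt)
        }
        def spec = new PBEKeySpec(raw.toCharArray(), salt, 10000, 256)
        def factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
        byte[] hash = factory.generateSecret(spec).encoded
        // Stored form: base64(salt):base64(hash)
        return salt.encodeBase64().toString() + ':' + hash.encodeBase64().toString()
    }

    static boolean matches(String raw, String stored) {
        // Re-hash the candidate with the stored salt, compare in constant time
        byte[] salt = stored.split(':')[0].decodeBase64()
        return MessageDigest.isEqual(encode(raw, salt).bytes, stored.bytes)
    }
}

// Hypothetical domain class mimicking the generated User class described in
// the answer: it encodes the password itself when the instance is saved.
class DemoUser {
    String username
    String password

    DemoUser save() {
        password = DemoEncoder.encode(password)
        return this
    }
}

// Question's bootstrap: encoded by hand, then encoded again by save().
def doubled = new DemoUser(username: 'test',
        password: DemoEncoder.encode('password')).save()
// Answer's version: pass the cleartext and let save() encode it once.
def single = new DemoUser(username: 'test', password: 'password').save()

// The stored value of "doubled" is the hash of a hash, so the cleartext
// never verifies against it; "single" verifies as expected.
assert !DemoEncoder.matches('password', doubled.password)
assert DemoEncoder.matches('password', single.password)
```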
