Grails and Spring Security: Salt Value Must Be Null When Use with Crypto Module PasswordEncoder

Question

I've almost completed my upgrade of a Grails 2.2.1 to 2.3.4 and Spring Security Plugin 1.2.7.3 to 2.0 RC2. I have the application running, but when I try to login I get a:

java.lang.IllegalArgumentException: Salt value must be null when used with crypto module PasswordEncoder

I haven't been able to figure this out and I haven't found any useful tips for this error related to grails or spring security plugin...

I have the salts setup with a custom UserDetailsService as laid out in this blog posting: http://grailsplayground.blogspot.com/2011/10/setting-up-grails-web-application-using.html

I don't know if I need to be doing the salts differently (if the new plugin has a better way to do it) or if I just needed to change something small (like I had to do through the upgrade process of changing grails.plugins.springsecurity to grails.plugin.springsecurity)

log4j output (trying to authenticate):

    web.FilterChainProxy  - /j_spring_security_check at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'authentication.ProviderManager  - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
    dao.DaoAuthenticationProvider  - Authentication failed: password does not match stored value
    rememberme.TokenBasedRememberMeServices  - Interactive login attempt was unsuccessful.
    rememberme.TokenBasedRememberMeServices  - Cancelling cookie

Answer 1

The default algorithm in 2.0 is bcrypt which doesn't support a supplied salt because it uses its own internally. So unconfigure any salt-related settings (e.g. the dao.reflectionSaltSourceProperty property or a custom saltSource bean) and use the default, or override the default with the password.algorithm property (e.g. with SHA-256) and configure salt settings.