CODEWITHSUNDEEP
grailsspring-securityspring-bootbcryptgrails-3.0
Dem Pilafian
Dem Pilafian

Reputation: 5976

Configuring Spring Boot Security to use BCrypt password encoding in Grails 3.0

In Grails 3.0, how do you specify that Spring Boot Security should use BCrypt for password encoding?

The following lines should provide a sense of what I think needs to be done (but I'm mostly just guessing):

import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

PasswordEncoder passwordEncoder

passwordEncoder(BCryptPasswordEncoder)

My application loads spring-boot-starter-security as a dependency:

build.gradle

dependencies {
   ...
   compile "org.springframework.boot:spring-boot-starter-security"

And I have a service wired up for userDetailsService using:

conf/spring/resources.groovy

import com.example.GormUserDetailsService
import com.example.SecurityConfig

beans = {
   webSecurityConfiguration(SecurityConfig)
   userDetailsService(GormUserDetailsService)
   }

Upvotes: 6

Views: 15320

Answers (1)

Julian Ooi
Julian Ooi

Reputation: 298

I have the following code in grails-app/conf/spring/resources.groovy

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

beans = {
    bcryptEncoder(BCryptPasswordEncoder)
}

and I have a java file which does the configuration as described by spring-security. It should be possible to do it in groovy too, but I did it in java.

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    BCryptPasswordEncoder bcryptEncoder;

    @Autowired
    UserDetailsService myDetailsService

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // userDetailsService should be changed to your user details service
            // password encoder being the bean defined in grails-app/conf/spring/resources.groovy
            auth.userDetailsService(myDetailsService)
                .passwordEncoder(bcryptEncoder);
    }
}

Upvotes: 14

Related Questions