1 class User {
2
3 transient springSecurityService
4
5 String username
6 String password
7 boolean enabled
8 boolean accountExpired
9 boolean accountLocked
10 boolean passwordExpired
11
12 static constraints = {
13 username blank: false, unique: true
14 password blank: false
15 }
16
17 static mapping = {
18 password column: '`password`'
19 }
20
21 Set<Role> getAuthorities() {
22 UserRole.findAllByUser(this).collect { it.role } as Set
23 }
24
25 def beforeInsert() {
26 encodePassword()
27 }
28
29 def beforeUpdate() {
30 if (isDirty('password')) {
31 encodePassword()
32 }
33 }
34
35 protected void encodePassword() {
36 password = springSecurityService.encodePassword(password)
37 }
38 }
Notice that the domain object now has a springSecurityService injected into it. There's also some GORM callbacks that will be called before the state of the domain object is saved and updated in the database. This is where the encoding now occurs--you should not be doing the encoding explicitly yourself.
Lesson learned!