Pages

Friday, November 18, 2011

Spring Security Grails plugin 1.2.4 and transparent password encoding in the User domain object

Just spent some significant time today integrating Spring Security Grails plugin 1.2.4. It should have been a quick integration but I got stuck on some new functionality that has been added to the generated User domain object that this plugin generates when using the quick start script. You should now set the password on this domain object using the cleartext string. Look at the User domain object (you may have it named something else, but it's the domain object that represents the user). This domain class is now handling the encoding of the password transparently. I copied some code from another Grails app that was doing the encoding of the password explicitly. You should no longer do this--it will cause problems when attempting to authenticate. Basically I was doubly encoding the password, the plugin definitely does not like that. Here's what the plugin generates for a user domain object in 1.2.4:

 1 class User {
 2 
 3     transient springSecurityService
 4 
 5     String username
 6     String password
 7     boolean enabled
 8     boolean accountExpired
 9     boolean accountLocked
10     boolean passwordExpired
11 
12     static constraints = {
13         username blank: false, unique: true
14         password blank: false
15     }
16 
17     static mapping = {
18         password column: '`password`'
19     }
20 
21     Set<Role> getAuthorities() {
22         UserRole.findAllByUser(this).collect { it.role } as Set
23     }
24 
25     def beforeInsert() {
26         encodePassword()
27     }
28 
29     def beforeUpdate() {
30         if (isDirty('password')) {
31             encodePassword()
32         }
33     }
34 
35     protected void encodePassword() {
36         password = springSecurityService.encodePassword(password)
37     }
38 }


Notice that the domain object now has a springSecurityService injected into it. There's also some GORM callbacks that will be called before the state of the domain object is saved and updated in the database. This is where the encoding now occurs--you should not be doing the encoding explicitly yourself.

Lesson learned!
Posted by at
Labels:

9 comments:

  1. fashionbagson12:07 AM

    Do you know how to keep a good mood. Just remember to pay attention to the fashion trend of Paris Hermes such as Hermes Constance Handbag or the other styles like Kelly Hermes Bag. I promise you will relax yourself. So come on, know more fashion style arround you and make yourself more confidence. You will like it.

    ReplyDelete
  2. Android app development11:26 PM

    I like your blog appearance.This is one of the knowledgeable post.Try to get more this kind of information. Thanks for your support.
    Android app developers

    ReplyDelete
  3. Anna3:32 AM

    Great and Useful Article.

    Java Online Course

    Java Online Training

    Java EE training

    Java Course in Chennai

    Java Training in Chennai

    Java Training Institutes in Chennai

    Java Interview Questions

    Java Interview Questions

    ReplyDelete
  4. Satta Matka1:47 PM

    So is there any true magical matka of numbers that can help you to turn your fortunes around? Are there some unique combinations of numbers that you can learn? Are there some numerology rules that you should know about that can help you win big each time with guaranteed success?

    It may sound a bit odd to you but there is no such magical Satta matka of numbers or specific numbers that you can bet on for guaranteed success. Even those websites that promise you to make the winner in each round of the Indian matka are completely vague and absurd, to say the least.

    Instead, here we will try to elaborate on some more logical tips that can help you win the matka. Some of these tips may sound very simple and absurd as you know them. But the ground rules in the matka of Indian matka are the same and using some basic principles you can have more chances of success than failure.

    ReplyDelete
  5. Josephgiretqc6:24 AM

    Berkshire Clock Repair
    Joseph Giret QC

    ReplyDelete
  6. pandit sri rajshekar bhat3:14 AM

    Very nice post,Thank you.
    look here
    Vashikaran Astrologer in Banashankari

    ReplyDelete
  7. Gokul Das12:29 AM

    Its a really very impressive blog.Thank you for sharing.
    Visit Best Astrologer in Ranga Reddy

    ReplyDelete
  8. Thesofastore12:59 AM

    Best post,Thank you.
    look here
    Sofa Refurbishing in Bellandur

    ReplyDelete
  9. abhiramindia2:41 AM

    Very good article, Thank you

    abhiram astrology center. Best Astrologer In domlur


    ReplyDelete

Subscribe to: Post Comments (Atom)