Im using SpringSecurity 2.0-RC2 and want users to give the possibilty to change their passwords while they are online.
My User domain class has the following
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
To check whether the user was enterering the correct current password i was doing the following in a controller:
if (springSecurityService.encodePassword(params.currentPassword) == user.password) {
... but surprsingly (for me) the check always fails. Even more strange if im doing this:
println springSecurityService.encodePassword(params.currentPassword)
println springSecurityService.encodePassword(params.currentPassword)
i receive the following in the console
$2a$10$sWt7mUSHPFT.Np6m.gXyl.h8tWqblJbwtzQ6EQeMHxXMoGwOffC3e $2a$10$lwHz1SkNlW8ibznt.mOiruAg5eG/BTtsjM7ChyYVBvamRcrL8tucm
(like there would be a salt - but i didnt configure one myself)
My Settings are more or less the default settings; except the package names of the three domain classes.
As the documention is down since severely days im asking here if somebody has a idea what im doing wrong...
def springSecurityService
if(springSecurityService?.passwordEncoder?.matches(currentPassword ,
currentUser.password )){
println("password matched")
}
Whereas: currentPassword = raw/not encoded password
currentUser.password = encoded password
Try this
def passwordEncoder
...
passwordEncoder.isPasswordValid(user.password, params.currentPassword, null)
See this post for more detail.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With