
Grails/Spring Security: Unable to login with a newly created user

I have just started using grails and installed the spring-security and spring-security-ui plugins. I am following the tutorial given here. The application starts with one bootstrapped user me with ROLE_ADMIN permission.

With the UI override scripts I was able to get the register functionality up and running and it works all right. Now, I have installed the User Management scripts (grails s2ui-override user) to try adding, editing, removing users.

A new user gets created fine; I have checked this against the HSQLDB instance. However, if I now log out from the application and try to log in with the newly created user, the application tells me that it is unable to find a user with the provided username and password.

I haven't modified the default logout handling, so I am using /j_spring_security_logout, which, as the documentation says, invalidates the session.

Is this a known issue? If so, how can I get around this, or if not, how can I debug this issue?

EDIT:

This issue also persists without the UI addition. Register as a new user. Once you finish e-mail verification you are auto-logged in to the site. Now log out and try to log back in again. It gives the same error.

FINAL EDIT:

The UI plugin comes with the RegisterController that still encodes the password. However, the newer domain classes that come with the core are also doing this, and the recommended practice is that controllers shouldn't. I commented out a line that does the encoding and the login/logout works now, at least for the basic scenario.

Sagar V asked Aug 20 '11 04:08


2 Answers

There is a warning on that tutorial:

Earlier versions of the plugin didn't include password encryption logic in the domain class, but it makes the code a lot cleaner.

I am guessing the security-ui plugin does not know about that change and is comparing the unencrypted password with the encrypted one in the database.

Bahadır Yağan answered Sep 28 '22 09:09


I managed to fix my problem. The problem was double encryption. Under the spring security ui in the user controller, on line 41, the password was being encrypted and then again by the domain class, so on login it was comparing a double encrypted password and a single encrypted password. To solve the problem I just commented out line 41 in the user controller, which was encrypting the password.

EDIT: If you have trouble figuring out where one would go to edit the controller, you can find the source code of the downloaded plugins in your user home's

/.grails/version/projects/projectname/plugins

directory for editing (at least on Mac / Linux, dunno where you'd find it in Windows).

Christian answered Sep 28 '22 10:09
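
The double-encoding failure described in the answers above, reproduced as an added example that is not code from the plugin or from any of the posters. The `Encoder`, `User` and `UserStore` classes are hypothetical, and unsalted SHA-256 is an assumed stand-in for whatever encoder the application is configured with.

```groovy
import java.security.MessageDigest

// Assumed stand-in for the configured password encoder (unsalted SHA-256, hex).
class Encoder {
    static String encode(String s) {
        MessageDigest.getInstance('SHA-256')
                     .digest(s.getBytes('UTF-8')).encodeHex().toString()
    }
}

// Hypothetical domain class that encodes its own password when first saved,
// as the newer core domain classes do.
class User {
    String username
    String password
    void beforeInsert() { password = Encoder.encode(password) }
}

// Hypothetical in-memory replacement for the database and the login check.
class UserStore {
    Map<String, User> rows = [:]

    void save(User u) {
        u.beforeInsert()          // domain-level encoding always runs on insert
        rows[u.username] = u
    }

    boolean login(String username, String cleartext) {
        User u = rows[username]
        // Login encodes the submitted password once and compares with the stored value.
        u != null && u.password == Encoder.encode(cleartext)
    }
}

def store = new UserStore()

// Controller that still encodes before saving: stored value is encode(encode(pw)).
store.save(new User(username: 'alice', password: Encoder.encode('s3cret')))

// Controller with the encoding line removed: the domain class encodes exactly once.
store.save(new User(username: 'bob', password: 's3cret'))

assert store.rows['alice'].password == Encoder.encode(Encoder.encode('s3cret'))
assert !store.login('alice', 's3cret')   // correct password, yet login is rejected
assert store.login('bob', 's3cret')      // single encoding matches at login

println "alice: ${store.login('alice', 's3cret')}, bob: ${store.login('bob', 's3cret')}"
```

Encoding should live in exactly one layer; when debugging a case like this, comparing the stored value for a new account against a single encoding of the known password shows quickly whether a second pass happened.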