Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security Plugin Authentication Failure Issue

Tags:

grails

spring-security

EDITED HEADER: more related with the actual problem

I'm trying to setup spring security for my test application

i installed the plugin , created User and Role classes ;

put this to UrlMappings.groovy;

        "/login/$action?"(controller: "login")
    "/logout/$action?"(controller: "logout")

then I put a user in the bootstrap as follows,

import org.project.auth.Role
import org.project.auth.User
import org.project.auth.UserRole;

class BootStrap {
    def springSecurityService
    def init = { servletContext ->
        def userRole = Role.findByAuthority('ROLE_USER') ?: new Role(authority: 'ROLE_USER').save(failOnError: true,flush:true)
        def adminRole = Role.findByAuthority('ROLE_ADMIN') ?: new Role(authority: 'ROLE_ADMIN').save(failOnError: true,flush:true)

        def adminUser = User.findByUsername('admin') ?: new User(

                username: 'admin',

                password: springSecurityService.encodePassword('admin'),

                enabled: true).save(failOnError: true,flush:true)

        print User.count()          

        if (!adminUser.authorities.contains(adminRole)) {
                    print "TEST"
            UserRole.create adminUser, adminRole,true
        }
    }
    def destroy = {
    }
}

this print User.count() returns 1 so i know the user is created , print "TEST" works as well so i know that it goes into the if block but when i run the server it fails with 

Sorry, we were not able to find a user with that username and password.

I use Grails 2.0.0.M1 , do you think it might be the issue?

like image 633
add9 Avatar asked Jan 20 '23 01:01

add9

1 Answers

The User domain class in the 1.2 version of the plugin encrypts the password for you. So older code like this that uses the springSecurityService double-encodes. Change password: springSecurityService.encodePassword('admin') to password: 'admin' and it should work.

If not, turn up the debugging and you should see a message about why it's failing. Add this to Config.groovy in the log4j block:

debug 'org.springframework.security'

Also to be safe I'd change if (!adminUser.authorities.contains(adminRole)) { to if (!UserRole.findByUserAndRole(adminUser, adminRole)) { `

like image 200
Burt Beckwith Avatar answered Jan 21 '23 16:01

Burt Beckwith
Sign in to Comment

Related questions

Grails Integration Test Does NOT Rollback
Is it possible to create a controller that extends an abstract controller in grails?
Grails controllers pass parameters
Grails - detect if request is over HTTP or HTTPS

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!