Spring Security Core Plugin

login failure

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Not A Bug
  • Affects Version/s: Grails-Spring-Security-Core 1.2
  • Fix Version/s: None
  • Labels:
    None
  • Environment:
    Windows 7
    Grails 1.4.0.M1
  • Testcase included:
    yes

Description

I've created the simplest possible Grails app with the Spring Security plugin installed. I ran the following commands:

grails create-app test
cd test
grails install-plugin spring-security-core
grails s2-quickstart com.yourapp User Role

Then I added the following to Bootstrap.groovy to create a single user and role on startup:

    def init = { servletContext ->
        def adminRole = Role.findByAuthority('ROLE_ADMIN') ?: new Role(authority: 'ROLE_ADMIN').save(failOnError: true)

        def adminUser = User.findByUsername('admin') ?: new User(
                username: 'admin',
                password: springSecurityService.encodePassword('admin'),
                enabled: true).save(failOnError: true)

        if (!adminUser.authorities.contains(adminRole)) {
            UserRole.create adminUser, adminRole
            println "Added $adminUser.username to role $adminRole.authority"
        }
    }

Then when I go to the login form and enter username "admin" and password "admin" login fails. I'm confident that the user exists, because when the app starts I see the following message in the console

Added admin to role ROLE_ADMIN

When LoginController.authFail() is called back after the login failure, the exception is of type 

org.springframework.security.authentication.BadCredentialsException

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Burt Beckwith added a comment -

In 1.2 the password is encoded in the domain class, so you're double-encoding in BootStrap.

Show
Burt Beckwith added a comment - In 1.2 the password is encoded in the domain class, so you're double-encoding in BootStrap.
Hide
Permalink
Donal Murtagh added a comment -

Thanks for that. I got this Bootstrap code from a Spring blog post which I presume was written for an earlier version of the plugin: http://jira.grails.org/browse/GPSPRINGSECURITYCORE-104?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#issue-tabs

I've left a comment there to highlight that it won't work with v.1.2

Show
Donal Murtagh added a comment - Thanks for that. I got this Bootstrap code from a Spring blog post which I presume was written for an earlier version of the plugin: http://jira.grails.org/browse/GPSPRINGSECURITYCORE-104?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#issue-tabs I've left a comment there to highlight that it won't work with v.1.2

People

  • Assignee:
    Burt Beckwith
    Reporter:
    Donal Murtagh
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: