Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Not A Bug
    • Affects Version/s: Grails-Spring-Security-Core 1.2
    • Fix Version/s: None
    • Labels:
      None
    • Environment:
      Windows 7
      Grails 1.4.0.M1
    • Testcase included:
      yes

      Description

      I've created the simplest possible Grails app with the Spring Security plugin installed. I ran the following commands:

      grails create-app test
      cd test
      grails install-plugin spring-security-core
      grails s2-quickstart com.yourapp User Role
      

      Then I added the following to Bootstrap.groovy to create a single user and role on startup:

          def init = { servletContext ->
              def adminRole = Role.findByAuthority('ROLE_ADMIN') ?: new Role(authority: 'ROLE_ADMIN').save(failOnError: true)
      
              def adminUser = User.findByUsername('admin') ?: new User(
                      username: 'admin',
                      password: springSecurityService.encodePassword('admin'),
                      enabled: true).save(failOnError: true)
      
              if (!adminUser.authorities.contains(adminRole)) {
                  UserRole.create adminUser, adminRole
                  println "Added $adminUser.username to role $adminRole.authority"
              }
          }
      

      Then when I go to the login form and enter username "admin" and password "admin", login fails. I'm confident that the user exists, because when the app starts I see the following message in the console:

      Added admin to role ROLE_ADMIN
      

      When LoginController.authFail() is called back after the login failure, the exception is of type

      org.springframework.security.authentication.BadCredentialsException

        Activity

        Burt Beckwith added a comment -

        In 1.2 the password is encoded in the domain class, so you're double-encoding in BootStrap.

        Donal Murtagh added a comment -

        Thanks for that. I got this Bootstrap code from a Spring blog post which I presume was written for an earlier version of the plugin: http://jira.grails.org/browse/GPSPRINGSECURITYCORE-104?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#issue-tabs

        I've left a comment there to highlight that it won't work with v.1.2

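
Added example, not part of the original issue or the plugin's code: a stand-alone Groovy script showing why the BootStrap code in the description ends in a failed login once the domain class also encodes the password. `Encoder`, `DemoUser` and `loginSucceeds` are hypothetical stand-ins, and unsalted SHA-256 is an algorithm assumed only for this demonstration.

```groovy
import java.security.MessageDigest

// Hypothetical stand-in for springSecurityService.encodePassword().
// Assumption: unsalted SHA-256, hex-encoded (not stated in the issue).
class Encoder {
    static String encode(String raw) {
        MessageDigest.getInstance('SHA-256')
                     .digest(raw.getBytes('UTF-8'))
                     .encodeHex()
                     .toString()
    }
}

// Hypothetical stand-in for the generated User domain class: the password
// is encoded inside the domain class when the record is inserted.
class DemoUser {
    String username
    String password

    void beforeInsert() { password = Encoder.encode(password) }

    // Simulates GORM firing the insert event during save().
    DemoUser save() { beforeInsert(); this }
}

// What the credential check amounts to: encode the submitted password once
// and compare it with the stored value.
boolean loginSucceeds(DemoUser stored, String submitted) {
    MessageDigest.isEqual(Encoder.encode(submitted).bytes, stored.password.bytes)
}

// BootStrap as written in the issue: encoded by the caller, then again on save.
def doubleEncoded = new DemoUser(username: 'admin',
                                 password: Encoder.encode('admin')).save()

// BootStrap passing the clear-text value: encoded exactly once, on save.
def encodedOnce = new DemoUser(username: 'admin', password: 'admin').save()

// The stored value in the first case is encode(encode('admin')), which can
// never equal encode('admin'), hence the BadCredentialsException.
assert doubleEncoded.password == Encoder.encode(Encoder.encode('admin'))
assert !loginSucceeds(doubleEncoded, 'admin')
assert loginSucceeds(encodedOnce, 'admin')

println "double-encoded login ok: ${loginSucceeds(doubleEncoded, 'admin')}"
println "encoded-once login ok:   ${loginSucceeds(encodedOnce, 'admin')}"
```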

          People

          • Assignee:
            Burt Beckwith
            Reporter:
            Donal Murtagh
          • Votes:
            0
            Watchers:
            0