
I have installed the spring-security-core plugin for my project for login security. After installing it everything works fine, such as if account_locked=true it shows the message that the account is locked, and if enabled=false it shows that the account is not enabled. But when everything is right then it shows "Sorry, we were not able to find a user with that username and password". Although I have this username and password. Can anyone please help me on this please?

Here is my create action:

```groovy
def createUser = {
    def user = new User()
    user.properties = params
    println(user.username)
    def password = user.password
    def salt = user.username //depends on what you're using as a salt
    user.password = springSecurityService.encodePassword(password, salt)
    user.save()
}
```

Sumon Bappi
  • how do you create/save user in database? – Igor Artamonov May 12 '13 at 11:38
  • yes @IgorArtamonov you got me. Right now one of my friends told me that manually inserted data will not be used for log in. Encoded data will be used for that. I think you meant this. But now suppose I want to add a user for my app, then how can I create them? I have no idea. If you provide some help it will be so helpful. – Sumon Bappi May 12 '13 at 11:59

1 Answer


To insert a user object, you need to encrypt the password field, like:

```groovy
def springSecurityService

def someAction() {
   def user = ...
   def password = ...
   def salt = user.username //depends on what you're using as a salt
   user.password = springSecurityService.encodePassword(password, salt)
   user.save()
}
```

See plugin docs: http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/12%20Password%20and%20Account%20Protection.html

Salt is used to defeat pre-computed rainbow table attacks that could otherwise be used to greatly improve the efficiency of cracking the hashed password database. See http://en.wikipedia.org/wiki/Salt_(cryptography)

Igor Artamonov
  • what is salt? I have no idea about it – Sumon Bappi May 13 '13 at 05:52
  • I have tried to create a new user. But it has not worked. I am giving my source code here. But the println() is printing null and nothing is saved to database. Can you guide me here with my source code edit please? – Sumon Bappi May 13 '13 at 09:56
  • try `user.save(failOnError: true)`, it will show you why it's not saved – Igor Artamonov May 13 '13 at 09:58
  • and also, make sure that your `params.username` is not null – Igor Artamonov May 13 '13 at 09:58
  • thank you so much. Now I can create new users. But a new problem has occurred. That is now everything is all right with value but when I try to log in this message is shown as before >> " Sorry, we were not able to find a user with that username and password ". – Sumon Bappi May 13 '13 at 10:43
  • make sure that you have configured Spring Security plugin to use same salt source - http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/12%20Password%20and%20Account%20Protection.html#12.2%20Salted%20Passwords – Igor Artamonov May 13 '13 at 10:55
  • if I add the line in my config.groovy will it work? And before adding, here is my spring-security code generated after install spring-security-core plugin >>> " grails.plugins.springsecurity.userLookup.userDomainClassName = 'common.auth.User' grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'common.auth.UserAuthority' grails.plugins.springsecurity.authority.className = 'common.auth.Authority' " – Sumon Bappi May 13 '13 at 11:07
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/29888/discussion-between-sumon-bappi-and-igor-artamonov) – Sumon Bappi May 14 '13 at 05:19
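
The failure discussed in the comments above (a user saved with a username salt still cannot log in) can be reproduced in a stand-alone Groovy script. This is an added example, not code from the post or from the plugin: it assumes a simplified salted-digest scheme (SHA-256 over `password{salt}`, hex-encoded), and the names `encode`, `matches`, `login` and the sample account are hypothetical.

```groovy
import java.security.MessageDigest

// Simplified model (assumption) of a salted message-digest encoder:
// SHA-256 over "password{salt}", hex-encoded. A null or empty salt
// means the password is hashed on its own.
String encode(String rawPassword, String salt) {
    String merged = salt ? rawPassword + '{' + salt + '}' : rawPassword
    MessageDigest.getInstance('SHA-256')
                 .digest(merged.getBytes('UTF-8'))
                 .encodeHex()
                 .toString()
}

// Compare the stored digest with a freshly computed one in constant time.
boolean matches(String stored, String rawPassword, String salt) {
    MessageDigest.isEqual(stored.getBytes('UTF-8'),
                          encode(rawPassword, salt).getBytes('UTF-8'))
}

// Login as the authentication side performs it: the salt comes from the
// configured salt source (modelled as a closure), never from the controller.
boolean login(Map user, String attempt, Closure<String> saltSource) {
    matches(user.password as String, attempt, saltSource(user))
}

// Constructed sample account, saved the way the controller above does it:
// the password is encoded with the username as salt.
def user = [username: 'alice', password: encode('s3cret-example', 'alice')]

def noSaltSource   = { Map u -> null }                  // no salt source configured
def usernameSource = { Map u -> u.username as String }  // salt source reads username

// Correct password, but the login side hashes without a salt: rejected.
assert !login(user, 's3cret-example', noSaltSource)

// Same password once both sides agree on the salt source: accepted.
assert login(user, 's3cret-example', usernameSource)

// A wrong password is still rejected with the matching salt source.
assert !login(user, 'wrong-password', usernameSource)
```

In the 1.x plugin whose `grails.plugins.springsecurity.*` keys appear in the comments, the login-side salt source is selected with `grails.plugins.springsecurity.dao.reflectionSaltSourceProperty = 'username'` in Config.groovy, which is what the linked Salted Passwords section describes.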