0

Is there a way to retrieve user entered password in spring security core grails plugin when the authentication fails in the action authfail of LoginController?

def authfail = {

def msg = ''

// I can get the username as below
def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]

// There is UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY but the value is null when access here as below   
def attemptedPassword = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY]
.
.
.
}

I need to be able to know the password entered when the authentication fails.

zdesam
  • 2,936
  • 3
  • 25
  • 32
  • 1
    There is no way to get spring security password in plain text. If authentication fail then show password field as blank. – user1791574 Nov 09 '13 at 06:56

1 Answers1

1

It is possible but you have to store the password in session before submitting login form. Add custom button to your login form and hide submit button:

<form action="/j_spring_security_check">
   ...
   <button onclick="javascript:store()" type="button">Login</button>
   <input class="invisible" id="loginButton" type="submit">
</form>

You need to write store() function in javascript. Here is an example how to achieve that: FIDDLE (borrowed from here). Obviously in this function you must enclose form submission (using jQuery): $('#loginButton').click()

After failed authentication you have to retrieve stored password.

Community
  • 1
  • 1
luke
  • 3,531
  • 1
  • 26
  • 46