2

I have a grails application (2.5.0) using Spring security and authenticating with the spring-security-ldap plugin (2.0-RC2) against a windows AD domain.

This works very well to authenticate but now I have the requirement to allow the user to change their password (in fact to require it!).

Despite searching through the documentation, Reading the code and searching with google All I can find is references to LdapUserDetailsManager.changePassword but I cannot find a single example of how to use this.

I find in the plugin 

public class GrailsLdapUserDetailsManager extends LdapUserDetailsManager 
    implements GrailsUserDetailsService {....

but this does not have the changePassword and I do not understand how to call it if it did.

I have looked through all the StackOverflow questions such as

how to change password using spring ldap and spring security

but the answers appear to be written in some other language and talk about things I do not have like xml files.

Can someone tell me, preferably with an understandable example how I can implement a change Password feature in Grails against an ldap AD source in conjunction with the grails spring-security-ldap plugin? Authentication without the ability to manage changing the passwords is just wrong!

Cry
  • 83
  • 7

1 Answers1

1

You can make use of the ldapUserDetailsManager by injecting into your controller e.g.

gsp:

<!DOCTYPE html>
<html>
    <head>
        <meta name="layout" content="main">
        <title><g:message code="menu.item.change.password" /></title>
    </head>
    <body>
        <div class="maincontentdiv" role="main">

        <div class="alert alert-info alert-dismissible" role="alert">
          <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
          flash.changePasswordMessage
        </div>

            <h3><g:message code="menu.item.change.password" /></h3>

            <g:form class="form-horizontal">

                <div class="form-group">
                    <label class="col-md-4 control-label" for="currentPassword">Current password</label>
                    <div class="col-md-4">
                        <g:field type="password" name="currentPassword" class="form-control" required="true" />
                    </div>
                </div>

                <div class="form-group">
                    <label class="col-md-4 control-label" for="newPassword">New password</label>
                    <div class="col-md-4">
                        <g:field type="password" name="newPassword" class="form-control" pattern=".{6,15}" required title="Password must be a minimum of 6 and a maximum of to 10 characters" />
                    </div>
                </div>

                <div class="form-group">
                    <label class="col-md-4 control-label" for="confirmNewPassword">Confirm new password</label>
                    <div class="col-md-4">
                        <g:field type="password" name="confirmNewPassword" class="form-control" pattern=".{6,15}" required title="Password must be a minimum of 6 and a maximum of to 10 characters" />
                    </div>
                </div>

                <g:render template="/templates/generic_submit_button" model="[btnname: 'changePassword', btntxt: 'Change password']" />

            </g:form>

        </div>
    </body>
</html>

Controller:

class ChangePasswordController {

    def ldapUserDetailsManager

    def index() {
        if ( params.changePassword ) {
            try {
                if ( params.newPassword.equals( params.confirmNewPassword ) ) {
                    ldapUserDetailsManager.changePassword( params.currentPassword, params.newPassword )
                }
                else { 
                    throw new InvalidParameterException( 'Please ensure the new password and confirm new password fields match' )
                }
            }
            catch( all ) {
                flash.changePasswordMessage= all.message
            }
        }
    }
}
Mike W
  • 3,853
  • 2
  • 11
  • 18