grails spring security login is not working -


i using grails 2.1.0. have installed spring-security-core plugin.

when create user creating it. when try login shows:

"sorry, not able find user username , password."

and there fact when use same password different user not save password similar encoded value user 1 have used password 123 saved in database

d535ce213a0e8e4f9e724af47c46eea409ef401c03617b749da618a82890d743

and user 2 used password 123 , time saved

0849ea79a2c1bca057ded06c3053fb5bc5d7ba52b50982e73e44894d4f3e0aa6

i don't understand. can please me on ?

my config.groovy >>>

    // locations search config files merged main config; // config files can configslurper scripts, java properties files, or classes // in classpath in configslurper format  // grails.config.locations = [ "classpath:${appname}-config.properties", //                             "classpath:${appname}-config.groovy", //                             "file:${userhome}/.grails/${appname}-config.properties", //                             "file:${userhome}/.grails/${appname}-config.groovy"]  // if (system.properties["${appname}.config.location"]) { //    grails.config.locations << "file:" + system.properties["${appname}.config.location"] // }  grails.project.groupid = appname // change alter default package name , maven publishing destination grails.mime.file.extensions = true // enables parsing of file extensions urls request format grails.mime.use.accept.header = false grails.mime.types = [     all:           '*/*',     atom:          'application/atom+xml',     css:           'text/css',     csv:           'text/csv',     form:          'application/x-www-form-urlencoded',     html:          ['text/html','application/xhtml+xml'],     js:            'text/javascript',     json:          ['application/json', 'text/json'],     multipartform: 'multipart/form-data',     rss:           'application/rss+xml',     text:          'text/plain',     xml:           ['text/xml', 'application/xml'] ]  // url mapping cache max size, defaults 5000 //grails.urlmapping.cache.maxsize = 1000  // url patterns should processed resources plugin grails.resources.adhoc.patterns = ['/images/*', '/css/*', '/js/*', '/plugins/*']  // default codec used encode data ${} grails.views.default.codec = "none" // none, html, base64 grails.views.gsp.encoding = "utf-8" grails.converters.encoding = "utf-8" // enable sitemesh preprocessing of gsp pages grails.views.gsp.sitemesh.preprocess = true // scaffolding templates configuration grails.scaffolding.templates.domainsuffix = 'instance'  // set false use new grails 1.2 jsonbuilder in render method grails.json.legacy.builder = false // enabled native2ascii conversion of i18n properties files grails.enable.native2ascii = true // packages include in spring bean scanning grails.spring.bean.packages = [] // whether disable processing of multi part requests grails.web.disable.multipart=false  // request parameters mask when logging exceptions grails.exceptionresolver.params.exclude = ['password']  // configure auto-caching of queries default (if false can cache individual queries 'cache: true') grails.hibernate.cache.queries = false  environments {     development {         grails.logging.jul.usebridge = true     }     production {         grails.logging.jul.usebridge = false         // todo: grails.serverurl = "http://www.changeme.com"     } }  // log4j configuration log4j = {     // example of changing log pattern default console appender:     //     //appenders {     //    console name:'stdout', layout:pattern(conversionpattern: '%c{2} %m%n')     //}      error  'org.codehaus.groovy.grails.web.servlet',        // controllers            'org.codehaus.groovy.grails.web.pages',          // gsp            'org.codehaus.groovy.grails.web.sitemesh',       // layouts            'org.codehaus.groovy.grails.web.mapping.filter', // url mapping            'org.codehaus.groovy.grails.web.mapping',        // url mapping            'org.codehaus.groovy.grails.commons',            // core / classloading            'org.codehaus.groovy.grails.plugins',            // plugins            'org.codehaus.groovy.grails.orm.hibernate',      // hibernate integration            'org.springframework',            'org.hibernate',            'net.sf.ehcache.hibernate' }  // added spring security core plugin: grails.plugins.springsecurity.userlookup.userdomainclassname = 'common.auth.user' grails.plugins.springsecurity.userlookup.authorityjoinclassname = 'common.auth.userauthority' grails.plugins.springsecurity.authority.classname = 'common.auth.authority'

my login controller >>>

    import grails.converters.json  import javax.servlet.http.httpservletresponse  import org.codehaus.groovy.grails.plugins.springsecurity.springsecurityutils  import org.springframework.security.authentication.accountexpiredexception import org.springframework.security.authentication.credentialsexpiredexception import org.springframework.security.authentication.disabledexception import org.springframework.security.authentication.lockedexception import org.springframework.security.core.context.securitycontextholder sch import org.springframework.security.web.webattributes import org.springframework.security.web.authentication.usernamepasswordauthenticationfilter  class logincontroller {      /**      * dependency injection authenticationtrustresolver.      */     def authenticationtrustresolver      /**      * dependency injection springsecurityservice.      */     def springsecurityservice      /**      * default action; redirects 'defaulttargeturl' if logged in, /login/auth otherwise.      */     def index = {         if (springsecurityservice.isloggedin()) {             redirect uri: springsecurityutils.securityconfig.successhandler.defaulttargeturl         } else {             redirect action: 'auth', params: params         }     }      /**      * show login page.      */     def auth = {          def config = springsecurityutils.securityconfig          if (springsecurityservice.isloggedin()) {             redirect uri: config.successhandler.defaulttargeturl             return         }          string view = 'auth'         string posturl = "${request.contextpath}${config.apf.filterprocessesurl}"         render view: view, model: [posturl: posturl,                 remembermeparameter: config.rememberme.parameter]     }      /**      * redirect action ajax requests.      */     def authajax = {         response.setheader 'location', springsecurityutils.securityconfig.auth.ajaxloginformurl         response.senderror httpservletresponse.sc_unauthorized     }      /**      * show denied page.      */     def denied = {         if (springsecurityservice.isloggedin() &&                 authenticationtrustresolver.isrememberme(sch.context?.authentication)) {             // have cookie page guarded is_authenticated_fully             redirect action: 'full', params: params         }     }      /**      * login page users remember-me cookie accessing is_authenticated_fully page.      */     def full = {         def config = springsecurityutils.securityconfig         render view: 'auth', params: params,                 model: [hascookie: authenticationtrustresolver.isrememberme(sch.context?.authentication),                         posturl: "${request.contextpath}${config.apf.filterprocessesurl}"]     }      /**      * callback after failed login. redirects auth page warning message.      */     def authfail = {          def username = session[usernamepasswordauthenticationfilter.spring_security_last_username_key]         string msg = ''         def exception = session[webattributes.authentication_exception]         if (exception) {             if (exception instanceof accountexpiredexception) {                 msg = g.message(code: "springsecurity.errors.login.expired")             } else if (exception instanceof credentialsexpiredexception) {                 msg = g.message(code: "springsecurity.errors.login.passwordexpired")             } else if (exception instanceof disabledexception) {                 msg = g.message(code: "springsecurity.errors.login.disabled")             } else if (exception instanceof lockedexception) {                 msg = g.message(code: "springsecurity.errors.login.locked")             } else {                 msg = g.message(code: "springsecurity.errors.login.fail")             }         }          if (springsecurityservice.isajax(request)) {             render([error: msg] json)         } else {             flash.message = msg             redirect action: 'auth', params: params         }     }      /**      * ajax success redirect url.      */     def ajaxsuccess = {         render([success: true, username: springsecurityservice.authentication.name] json)     }      /**      * ajax denied redirect url.      */     def ajaxdenied = {         render([error: 'access denied'] json)     } }

my authority.groovy >>>

    package common.auth  class authority {      string authority      static mapping = {         cache true     }      static constraints = {         authority blank: false, unique: true     } }

my user domain.groovy user saved >>>

    package common.auth  class user {      transient springsecurityservice     string realname     string username     string password     string designation     boolean enabled     boolean accountexpired     boolean accountlocked     boolean passwordexpired      static constraints = {         username blank: false, unique: true         password blank: false     }      static mapping = {         password column: '`password`'     }      set<authority> getauthorities() {         userauthority.findallbyuser(this).collect { it.authority } set     }      def beforeinsert() {         encodepassword()     }      def beforeupdate() {         if (isdirty('password')) {             encodepassword()         }     }      protected void encodepassword() {         password = springsecurityservice.encodepassword(password)     } }

my userauthority.groovy >>>

    package common.auth  import org.apache.commons.lang.builder.hashcodebuilder  class userauthority implements serializable {      user user     authority authority      boolean equals(other) {         if (!(other instanceof userauthority)) {             return false         }          other.user?.id == user?.id &&             other.authority?.id == authority?.id     }      int hashcode() {         def builder = new hashcodebuilder()         if (user) builder.append(user.id)         if (authority) builder.append(authority.id)         builder.tohashcode()     }      static userauthority get(long userid, long authorityid) {         find 'from userauthority user.id=:userid , authority.id=:authorityid',             [userid: userid, authorityid: authorityid]     }      static userauthority create(user user, authority authority, boolean flush = false) {         new userauthority(user: user, authority: authority).save(flush: flush, insert: true)     }      static boolean remove(user user, authority authority, boolean flush = false) {         userauthority instance = userauthority.findbyuserandauthority(user, authority)         if (!instance) {             return false         }          instance.delete(flush: flush)         true     }      static void removeall(user user) {         executeupdate 'delete userauthority user=:user', [user: user]     }      static void removeall(authority authority) {         executeupdate 'delete userauthority authority=:authority', [authority: authority]     }      static mapping = {         id composite: ['authority', 'user']         version false     } }

and createuser action create user in administratoractioncontroller >>>

    package administrator  import common.auth.user  class admistratoractioncontroller {      def springsecurityservice      def index() {            redirect(controller: 'admistratoraction', action: 'createuser')     }      def createuser = {                 user user = new user(params)                 def password = user.password                 def salt = user.username //depends on you're using salt                 user.password = springsecurityservice.encodepassword(password, salt)                 user.save()                 flash.message = "user create !!!"     } }

i think encoding password twice, have encode() on beforeinsert in domain, think need not encode again.


Comments

Post a Comment

Popular posts from this blog

php - cannot display multiple markers in google maps v3 from traceroute result -

i'm newbie in php mysql , google maps v3. have problems in google maps v3. made traceroute web based , map traceroute's result in google maps v3 final project of college education. have try many tutorials didn't work. have tried tutorials in forum nothing worked. problem cannot display multiple markers got location data database. maybe because i'm newbie , not know how do. confuse looping show markers. here code <?php error_reporting(e_all ^ (e_notice)); ini_set('max_execution_time', 360); $enable_log_user = false; global $ip, $host_name, $host_ip; $host = @$_post['host']; $trace = @$_post['trace']; $self = $_server['php_self']; include("phpsqlajax_dbinfo.php"); $connection = mysql_connect ('127.0.0.1', $username, $password); if (!$connection) { die('not connected : ' . mysql_error());} $db_selected = mysql_select_db($database, $connection); if (!$db_selected) { die ('can\'t use db :
Read more

c# - DetailsView in ASP.Net - How to add another column on the side/add a control in each row? -

i have detailsview control on page used edit various fields of record, works in respect. i looking way add 1 column (and if works, why not more) right, absolutely read-only, show same fields of record comparison purposes. i aware there no obvious way such thing out of box detailsview . have looked other controls (transposed gridview , recommended formview , listview ), nothing satisfies. have special data binding setup using detailsview , can't out of without losing features. anyone on how "hack in" additional columns (for display only) on detailsview ? the solution have now, use second detailsview , visible set false in aspx. in code, make sure databind hidden detailsview hosts data third column first, initial detailsview named itemdetails . and in item created event, pass third column html rendering of hidden controls (in last code block) : protected void itemdetails_itemcreated(object sender, eventargs e) { if (dataite
Read more

javascript - firefox memory leak -

i have following script (i use raphaeljs also) draws circle, waits 1 second, draws circle again, etc (you can copy paste - functional, need include raphael raphaeljs.com): <div id="holder"> </div> <script src="raphael.js" type="text/javascript"></script> <script> var paper = raphael(10, 50, 320, 200); var rad = math.pi / 180; var finangle = 0; function sector(cx, cy, r, startangle, endangle, params) { var x1 = cx + r * math.cos(-startangle * rad), x2 = cx + r * math.cos(-endangle * rad), y1 = cy + r * math.sin(-startangle * rad), y2 = cy + r * math.sin(-endangle * rad); return ["m", cx, cy, "l", x1, y1, "a", r, r, 0, +(endangle - startangle > 180), 0, x2, y2]; } var path = sector(100,100,50,0,180); var arc = paper.path(path); function draw() { path = sector(100,100,50,0,finangle);
Read more