0
votes

I have installed spring-security-core plugin for my project for login security.After installing it everything works fine such as if account_locked= true it shows the message that account locked, if enabled=false it shows that account is not enabled . But when everything is right then it shows "Sorry, we were not able to find a user with that username and password". Although I have this username and password. Can anyone please help me on this please?

here is my create action >>>

def createUser = {
    def user = new User()
    user.properties = params
    println(user.username)
    def password = user.password
    def salt = user.username //depends on what you're using as a salt
    user.password = springSecurityService.encodePassword(password, salt)
    user.save()
}
1
how do you create/save user in database? - Igor Artamonov
yes @IgorArtamonov you got me. Right now one of my friend told me that manually inserted data will not be used for log in. Encoded data will be used for that. I think you meant this. But now suppose I want to add user for my app then how can I create them. I have no idea. If you provide some help it will be so helpfull. - Sumon Bappi

1 Answers

1
votes

To insert user object, you need to encrypt password field, like:

def springSecurityService

def someAction() {
   def user = ...
   def password = ...
   def salt = user.username //depends on what you're using as a salt
   user.password = springSecurityService.encodePassword(password, salt)
   user.save()      
}

See plugin docs: http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/12%20Password%20and%20Account%20Protection.html

Salt is used to defeat pre-computed rainbow table attacks that could otherwise be used to greatly improve the efficiency of cracking the hashed password database. See http://en.wikipedia.org/wiki/Salt_(cryptography)