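Grails Spring Security authentication from a service

Time: 2013-12-19 15:50:49

Tags: grails spring-security gorm

Since I'm using a dedicated service in my Grails application to handle authentication with a Vaadin UI, I'm having a problem validating the login:

1) In bootstrap, a new user is created and saved to the db (postgre)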

User.withTransaction {
   User test = new User(
      username: "test",
      password: springSecurityService.encodePassword("password"),
      enabled: true,
      accountExpired: false,
      accountLocked: false,
      passwordExpired: false
   ).save()

   Role dashManager = new Role(authority: "ROLE_USER").save()

   new UserRole(user: test, role: dashManager).save()
}

2) The Vaadin UI normally calls the Grails service

boolean login(String username, String password) {
   try {
      println username + "----" + password
      security.signIn(username, password)
      return true
   } catch (SecurityServiceException e) {
      Notification.show("Login/Password incorrect", Notification.TYPE_ERROR_MESSAGE);
      return false
   }
}

3) My securityService always returns invalid

import grails.transaction.Transactional
import org.springframework.security.core.context.SecurityContextHolder as SCH
import org.springframework.security.authentication.BadCredentialsException
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken

@Transactional
class SecurityService {

    def springSecurityService
    def authenticationManager

    void signIn(String username, String password) {
        try {
            def authentication = new UsernamePasswordAuthenticationToken(username, password)
            SCH.context.authentication = authenticationManager.authenticate(authentication)
        } catch (BadCredentialsException e) {
            throw new SecurityException("Invalid username/password")
        }
    }

    void signOut() {
        SCH.context.authentication = null
    }

    boolean isSignedIn() {
        return springSecurityService.isLoggedIn()
    }
}

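2 Answers:

Answer 0 (score: 3)

You are probably double-encoding the password. Recent versions of the plugin generate a User/Person domain class that encodes the password for you, so you don't need to call springSecurityService.encodePassword("password"), and if you do, it gets encoded twice. This should work: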

User test = new User(
   username: "test",
   password: "password",
   enabled: true
).save()

I omitted setting accountExpired, accountLocked, and passwordExpired to false, since those are the defaults.
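The double-encoding failure described in this answer, as an added example that is not part of the original post or the plugin's code. It is a plain Groovy script: DemoUser, Encoder and authenticate are hypothetical stand-ins for the generated domain class, springSecurityService.encodePassword and the authentication provider's comparison, and unsalted SHA-256 is assumed only so the script runs without Grails.

```groovy
import java.security.MessageDigest

// Hypothetical stand-in for springSecurityService.encodePassword.
// Assumption: unsalted SHA-256 hex, used only to keep the script self-contained.
class Encoder {
    static String encode(String raw) {
        MessageDigest.getInstance('SHA-256')
                     .digest(raw.getBytes('UTF-8'))
                     .encodeHex().toString()
    }
}

// Hypothetical model of a domain class that encodes its password when saved,
// the behaviour the answer attributes to the plugin-generated User class.
class DemoUser {
    String username
    String password

    DemoUser save() {
        password = Encoder.encode(password)   // encoding happens here, once
        this
    }
}

// Models the login check: encode the submitted password once and compare
// it with the stored value in constant time.
boolean authenticate(DemoUser stored, String submitted) {
    MessageDigest.isEqual(Encoder.encode(submitted).getBytes('UTF-8'),
                          stored.password.getBytes('UTF-8'))
}

// Constructed sample data: the bootstrap from the question (pre-encoded)
// next to the bootstrap from the answer (plain text handed to the domain class).
def doubleEncoded = new DemoUser(username: 'test',
                                 password: Encoder.encode('password')).save()
def singleEncoded = new DemoUser(username: 'test', password: 'password').save()

// Stored value is hash(hash(password)), so the real password never matches.
assert !authenticate(doubleEncoded, 'password')
assert doubleEncoded.password == Encoder.encode(Encoder.encode('password'))

// Encoded exactly once: the login check succeeds.
assert authenticate(singleEncoded, 'password')
println 'double-encoded login rejected, single-encoded login accepted'
```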

Answer 1 (score: 0)

Use springSecurityService to authenticate

void signIn(String username, String password) {
    try {
        springSecurityService.reauthenticate(username, password)
    } catch (BadCredentialsException e) {
        throw new SecurityException("Invalid username/password")
    }
}