grails 和 spring security 核心插件 - 来自客户端的身份验证

发布于 2024-12-12 05:53:18 字数 422 浏览 0 评论 0原文

我开始将 spring-security-core-1.1.3 插件与 grails 一起使用。我的身份验证应用程序向服务器发送请求：

def authSomeAction = {
    def req = ...//http requet here
    if(req.contains("yes")){
       render "There is such user"
    }else{
       render "There is no such user"
    }
}

仅当我在客户端创建用户时，我才能使用 SpringSecurityUtils.reauthenticate(username,password) 方法成功进行身份验证

任何人都可以详细帮助我了解我必须如何实现插件在客户端工作（没有数据库）...？

原文

i am starting to use spring-security-core-1.1.3 plugin with grails.
My application for authentication sends request to server:

def authSomeAction = {
    def req = ...//http requet here
    if(req.contains("yes")){
       render "There is such user"
    }else{
       render "There is no such user"
    }
}

I can successfully authenticate using SpringSecurityUtils.reauthenticate(username, password) method only if i have created users in client side

Can anybody please in details help me to understand how i have to implement
plugin work in client side(without database)...?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

儭儭莪哋寶赑 2024-12-19 05:53:18

我对 Grails 很陌生，所以我显然可能偏离了基础，但我怀疑您的问题可能与您在创建用户时编码密码的方式有关。当您使用“客户端”创建用户时，您是否这样做与您使用的其他方法相同？

例如，当我第一次开始使用 spring-security-ui 插件时，我使用捆绑的实用程序创建了用户，但他们都无法登录。如果我理解正确，则 spring-security-core 自 spring-security 以来已更新-ui，它将控制器中对密码进行编码的需要转移到了用户本身中。例如，在该插件附带的 spring-security-ui UserController.save() 中，会发生这种情况：

if (params.password) {
    String salt = saltSource instanceof NullSaltSource ? null : params.username
    user.password = springSecurityService.encodePassword(params.password, salt)
}

但是我的 User 类有这个（直接来自 s2 插件示例）

def beforeInsert() {
    encodePassword()
}

def beforeUpdate() {
    if (isDirty('password')) {
        encodePassword()
    }
}

protected void encodePassword() {
    password = springSecurityService.encodePassword(password)
}

由于我的 User 类自行管理编码，因此有一个双重编码导致使用它创建的登录失败。您的应用程序中是否存在类似的情况？当您从客户端以外的地方创建用户时，您是否以相同的方式进行编码？

I am quite new to Grails, so I could clearly be way off base, but I suspect that your issue may have to do with the way that you are encoding the password upon user creation. Are you doing it the same when you create users using the "client side" vs. what other method you are using?

For example, when I first started using the spring-security-ui plugin, I created users with the utility that is bundled and they all failed to log in. If I understand properly, the spring-security-core was updated since spring-security-ui, which has shifted the need to encode the password in the controllers to within the User itself. For example, in the spring-security-ui UserController.save() that comes with that plugin, this occurs:

if (params.password) {
    String salt = saltSource instanceof NullSaltSource ? null : params.username
    user.password = springSecurityService.encodePassword(params.password, salt)
}

But my User class then has this (straight from the s2 plugin examples)

def beforeInsert() {
    encodePassword()
}

def beforeUpdate() {
    if (isDirty('password')) {
        encodePassword()
    }
}

protected void encodePassword() {
    password = springSecurityService.encodePassword(password)
}

Since my User class manages encoding itself, there was a double-encoding going which was causing the logins to fail that were created with it. Could there be something similar to this going on in your application? When you are creating users other than from the client side, are you encoding the same way?

回复收藏 0 原文

~没有更多了~