spring-security-core and spring-security-ui doc inconsistency

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

spring-security-core and spring-security-ui doc inconsistency

jlegelis
I discovered an painful little inconsistency in the spring-security-core tutorial that cause me hours of frustration: The symptom was that when using spring-security-core 1.2.1 and the tutorial-generated domain / controller objects, I could create users without any problem.  Unfortunately attempting to log in with the same creds kept resulting in 'invalid password errors'.  

After much research, I discovered a patch had been applied in spring-security-core 1.2 that automatically calls encodepassword in the user domain object.  However, the spring-security-core-tutorial bootstrap.groovy samples, as well as the spring-security-ui (v0.1.2) grails.plugins.springsecurity.ui.usercontroller already call encodepassword before sending to the  domain object.  Thus the password was ending up twice-encoded (once in bootstrap or the usercontroller, and again in the 'user' domain object) , resulting in an authentication failure.

Updating the controllers resulted in the desired behavior.  It would be great if the tutorial, as well as the spring-security-ui controllers could be updated accordingly to prevent this maddening error.
Reply | Threaded
Open this post in threaded view
|

Re: spring-security-core and spring-security-ui doc inconsistency

pledbrook
Administrator
> Updating the controllers resulted in the desired behavior.  It would be
> great if the tutorial, as well as the spring-security-ui controllers could
> be updated accordingly to prevent this maddening error.

The tutorial appears to have been updated already. The UI plugin has a
pull request to fix the controllers. It just needs reviewing and
applying (if it's OK). It will be done, it's just a question of
scheduling it.

Cheers,

Peter

--
Peter Ledbrook
Grails Advocate
SpringSource - A Division of VMware
Reply | Threaded
Open this post in threaded view
|

Re: spring-security-core and spring-security-ui doc inconsistency

jeffpogo
Hi Peter,

When I install the spring-security-ui plugin using the command:  grails install-plugin spring-security-ui, this problem still exists. (I know I can work around it, but ...)

Can you please tell me the best way to get the most up-to-date plugin loaded in my grail's project?

I want to install all the latest fixes committed to the plugin to my projects.

Thank you, Jeff.
Reply | Threaded
Open this post in threaded view
|

Re: spring-security-core and spring-security-ui doc inconsistency

pledbrook
Administrator
Hi Jeff,

> When I install the spring-security-ui plugin using the command:  grails
> install-plugin spring-security-ui, this problem still exists. (I know I can
> work around it, but ...)
>
> Can you please tell me the best way to get the most up-to-date plugin loaded
> in my grail's project?
>
> I want to install all the latest fixes committed to the plugin to my
> projects.

A new version hasn't been released yet. I'm nudging Burt to get one
done, particularly as the fix you are after has already been committed
to GitHub. Note that for backwards compatibility reasons, you will
have to set a configuration option if you use the new Spring Security
Core domain classes. See this commit for more details:

    https://github.com/grails-plugins/grails-spring-security-ui/commit/3f06543decb5fc723f626d323ce2f6188b9d16c5

Peter

--
Peter Ledbrook
Grails Advocate
SpringSource - A Division of VMware
Reply | Threaded
Open this post in threaded view
|

Re: spring-security-core and spring-security-ui doc inconsistency

jeffpogo
The spring security ui plugin mostly works -- with workarounds, but does not seem to be actively supported. (May be the author does not have time or is working on other projects.)

(I even tried using it with grails 2.0 and the jquery stuff does not work on the forms. -- I am sure there is a workaround, but I need to research and fix this.)

Why does not Vmware or Spring create an up-to-date / working spring security ui plugin for grails?
(that works with grail 1.3.7 and 2.0)

I think having easy to use security ui plugin is a great way to promote the use of grails -- because most everyone needs these features. (and it is a lot of work to write one from scratch)

Thanks.

On Wed, Dec 14, 2011 at 12:50 PM, pledbrook [via Grails Plugins] <[hidden email]> wrote:
Hi Jeff,

> When I install the spring-security-ui plugin using the command:  grails
> install-plugin spring-security-ui, this problem still exists. (I know I can
> work around it, but ...)
>
> Can you please tell me the best way to get the most up-to-date plugin loaded
> in my grail's project?
>
> I want to install all the latest fixes committed to the plugin to my
> projects.

A new version hasn't been released yet. I'm nudging Burt to get one
done, particularly as the fix you are after has already been committed
to GitHub. Note that for backwards compatibility reasons, you will
have to set a configuration option if you use the new Spring Security
Core domain classes. See this commit for more details:

    https://github.com/grails-plugins/grails-spring-security-ui/commit/3f06543decb5fc723f626d323ce2f6188b9d16c5

Peter

--
Peter Ledbrook
Grails Advocate
SpringSource - A Division of VMware



To unsubscribe from spring-security-core and spring-security-ui doc inconsistency, click here.
NAML


Clipboard01.png (5K) Download Attachment