带有Spring Security Plugin和Salted Passwords的Grails [英] Grails with Spring Security Plugin and Salted Passwords
问题描述
我正在尝试在我的Grails + Spring Security应用程序中执行腌制密码哈希。我已经在Grails网站上使用过这些教程,还有我在互联网上随机发现的教程。
目前,我已经根据这个教程。但是,当在 resources.groovy 中部署具有以下bean声明的应用程序时遇到问题:
saltSource(cq.MySaltSource){
userPropertyToUse = CH.config.grails.plugins.springsecurity.dao.reflectionSaltSourceProperty
}
它抱怨找不到 CH 。
经过深入挖掘,我发现了一篇关于
另外 - 不要使用ConfigurationHolder(CH),因为它是在2.0中已弃用。您可以传递对grailsApplication bean的引用并从中获取配置:
saltSource (MySaltSource){
grailsApplication = ref('grailsApplication')
}
,然后在你的类中添加
def grailsApplication
并通过
字符串userPropertyToUse grailsApplication.config.grails.plugins.springsecurity.dao.reflectionSaltSourceProperty
我不遵循的部分是关于...并通过...获取属性的最后一条语句。他给出的代码行似乎对我不利。
如果有人可以在这里说明一些情况,或者提供一种在Grails和Spring Security中使用不同密码的方法,我会很感激。请注意,它需要是每个用户独特的salt,而不是系统范围或单盐,或从用户名中派生的盐。
感谢
更新
因此,我在第一篇教程中(忘记了 resources.groovy 顶部的 import 语句) c>,但我仍然想用第二种方式(保持与未来版本兼容)。 strong> UPDATE 2
如果有人在这里浏览有兴趣,我已经写了一个完整的教程:
使用Spring设置Grails Web应用程序安全和密码。
在 resources.groovy 定义 saltSource bean的位置 GrailsApplication 可用作应用程序变量,因此您可以将bean声明更改为
saltSource(cq.MySaltSource){
userPropertyToUse = application.config.grails.plugins.springsecurity.dao.reflectionSaltSourceProperty
}
I am trying to do salted password hashing in my Grails + Spring Security application. I have used the tutorials on the Grails site, and also ones I found randomly on the Internet.
At the moment, I have everything set up according to this tutorial. However I run into a problem when deploying the application with the following bean declaration in resources.groovy:
saltSource(cq.MySaltSource) {
userPropertyToUse = CH.config.grails.plugins.springsecurity.dao.reflectionSaltSourceProperty
}
It complains that it cannot find CH.
After digging around, I found a post on nabble stating the following:
Also - don't use ConfigurationHolder (CH) since it's deprecated in 2.0. You can pass in a reference to the grailsApplication bean and get the config from there:
saltSource(MySaltSource) {
grailsApplication = ref('grailsApplication')
}
and then in your class add
def grailsApplication
and get the property via
String userPropertyToUse grailsApplication.config.grails.plugins.springsecurity.dao.reflectionSaltSourceProperty
The part that I do not follow is the last statement about "...and get the property via...". The line of code he gives there seems malformed to me.
If anyone can shed some light here, or provide a different approach to using salted passwords with Grails and Spring Security, I would appreciate it. Note that it needs to be unique salts per user, not system-wide or a single salt, or a salt derived from username.
Thanks
UPDATE
So I got it working with the first tutorial (forgot the import statement at the top of resources.groovy. But I would still like to use the second way (to stay compatible with the future version).
UPDATE 2
I have written a complete tutorial on this if anyone browsing here is interested:
Setting up a Grails web application using Spring Security and salted passwords.
In resources.groovy where you're defining the saltSource bean the GrailsApplication is available as the application variable, so you can change the bean declaration to
saltSource(cq.MySaltSource) {
userPropertyToUse = application.config.grails.plugins.springsecurity.dao.reflectionSaltSourceProperty
}
这篇关于带有Spring Security Plugin和Salted Passwords的Grails的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
