Grails和Spring Security:与密码模块PasswordEncoder一起使用时,Salt的值必须为空 [英] Grails and Spring Security: Salt Value Must Be Null When Use with Crypto Module PasswordEncoder
问题描述
我几乎完成了将Grails 2.2.1升级到2.3.4和Spring Security Plugin 1.2.7.3升级到2.0 RC2的工作。我有应用程序正在运行,但是当我尝试登录时,我得到一个:
java.lang.IllegalArgumentException:盐值必须是null当与密码模块PasswordEncoder
一起使用时,我一直无法弄清楚这一点, t找到了与grails或spring安全插件有关的这个错误的任何有用的提示...
我在本博客文章中设置了一个自定义UserDetailsService的salt:
http://grailsplayground.blogspot .com / 2011/10 / setting-up-grails-web-application-using.html
我不知道我是否需要做盐的方式不同(如果新插件有更好的方法来做)或者我只需要改变一些小东西(就像我通过将grails.plugins.springsecurity更改为grails.plugin.springsecurity的升级过程所做的那样)
log4j输出(尝试验证):
web.FilterChainProxy - / j_spring_security_check位于附加过滤器链中的第3位;引发过滤器:'RequestHolderAuthenticationFilter'authentication.ProviderManager - 使用org.springframework.security.authentication.dao.DaoAuthenticationProvider进行身份验证尝试
dao.DaoAuthenticationProvider - 身份验证失败:密码与存储值不匹配
rememberme.TokenBasedRememberMeServices - Interactive登录尝试失败。
rememberme.TokenBasedRememberMeServices - 取消cookie
2.0中的默认算法是bcrypt,它不支持提供的salt,因为它在内部使用它自己的。因此,取消配置任何与盐有关的设置(例如 dao.reflectionSaltSourceProperty
属性或自定义 saltSource
bean)并使用默认,或者使用 password.algorithm
属性(例如使用SHA-256)覆盖缺省值并配置salt设置。
I've almost completed my upgrade of a Grails 2.2.1 to 2.3.4 and Spring Security Plugin 1.2.7.3 to 2.0 RC2. I have the application running, but when I try to login I get a:
java.lang.IllegalArgumentException: Salt value must be null when used with crypto module PasswordEncoder
I haven't been able to figure this out and I haven't found any useful tips for this error related to grails or spring security plugin...
I have the salts setup with a custom UserDetailsService as laid out in this blog posting: http://grailsplayground.blogspot.com/2011/10/setting-up-grails-web-application-using.html
I don't know if I need to be doing the salts differently (if the new plugin has a better way to do it) or if I just needed to change something small (like I had to do through the upgrade process of changing grails.plugins.springsecurity to grails.plugin.springsecurity)
log4j output (trying to authenticate):
web.FilterChainProxy - /j_spring_security_check at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
dao.DaoAuthenticationProvider - Authentication failed: password does not match stored value
rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful.
rememberme.TokenBasedRememberMeServices - Cancelling cookie
The default algorithm in 2.0 is bcrypt which doesn't support a supplied salt because it uses its own internally. So unconfigure any salt-related settings (e.g. the dao.reflectionSaltSourceProperty
property or a custom saltSource
bean) and use the default, or override the default with the password.algorithm
property (e.g. with SHA-256) and configure salt settings.
这篇关于Grails和Spring Security:与密码模块PasswordEncoder一起使用时,Salt的值必须为空的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!