我已经为我的项目安装了spring-security-core插件以确保登录安全性。安装后一切正常,例如account_locked = true表示帐户已被锁定的消息,如果enabled = false则表示帐户未启用。但是,当一切正确时,它会显示“对不起,我们无法找到具有该用户名和密码的用户”。虽然我有这个用户名和密码。谁能帮我这个忙吗?
这是我的创建 Action >>>
def createUser = {
def user = new User()
user.properties = params
println(user.username)
def password = user.password
def salt = user.username //depends on what you're using as a salt
user.password = springSecurityService.encodePassword(password, salt)
user.save()
}
最佳答案
要插入用户对象,您需要加密密码字段,例如:
def springSecurityService
def someAction() {
def user = ...
def password = ...
def salt = user.username //depends on what you're using as a salt
user.password = springSecurityService.encodePassword(password, salt)
user.save()
}
查看插件文档:http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/12%20Password%20and%20Account%20Protection.html
Salt用于抵御预先计算的彩虹表攻击,否则可用于极大地提高破解哈希密码数据库的效率。参见http://en.wikipedia.org/wiki/Salt_(cryptography)