How I can hide password column from GORM view:
My domain class:
class SecUser {
static scaffold = true
transient springSecurityService
String username
String password
boolean enabled = true
boolean accountExpired
boolean accountLocked
boolean passwordExpired
static transients = ['springSecurityService']
static constraints = {
username blank: false, unique: true
password (display:false, blank: false)
}
static mapping = {
password column: '`password`'
}
Set<SecRole> getAuthorities() {
SecUserSecRole.findAllBySecUser(this).collect { it.secRole } as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
// password = password
}
}
The display: false constraint is used to hide the property from the default scaffolded view. The project at https://github.com/jeffbrown/scaffolddisplay demonstrates this. You must have something in your app that is getting in the way of that. Possibly you have generated views which contain the property. Possibly you are using a plugin which is providing the view.
Related
I'm trying to replace the username with "email" and the password with "motDePasse" but I can't figure out how to do It: I tried to replace every old name by new name in the Person class and I added the following configuration to
my application.groovy :
grails.plugin.springsecurity.userLookup.usernamePropertyName= 'email'
grails.plugin.springsecurity.userLookup.passwordPropertyName= 'motDePasse'
but it doesn't work. I'm using grails 3.1.5, anyone can help me please?
the "Custom UserDetailsService" part of the documentation doesn't show how to replace attributes.
Thank you
I ended up with keeping the default password and replacing the username with email, I had simply to replace every "username" with "email" in the Person class:
package ma.ac.uir.ecine.authentification
import groovy.transform.EqualsAndHashCode
import groovy.transform.ToString
#EqualsAndHashCode(includes='email')
#ToString(includes='email', includeNames=true, includePackage=false)
class Personne implements Serializable {
private static final long serialVersionUID = 1
transient springSecurityService
String email
String password
boolean enabled = true
boolean accountExpired
boolean accountLocked
boolean passwordExpired
Personne(String email, String password) {
this()
this.email = email
this.password = password
}
Set<Role> getAuthorities() {
PersonneRole.findAllByPersonne(this)*.role
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService?.passwordEncoder ? springSecurityService.encodePassword(password) : password
}
static transients = ['springSecurityService']
static constraints = {
password blank: false, password: true
email blank: false, unique: true
}
static mapping = {
password column: '`password`'
}
}
and add
grails.plugin.springsecurity.userLookup.usernamePropertyName= 'email'
to application.groovy
I couldn't replace the password.
Hello today I've started to learn Grails 3 with Spring Security Core Plugin but I'm having hard time with password Validation. When user is registering I want him to type password and confirmPassword. Everything would be ok if not hashing the password. I want my password to be encoded in database but with encoding I'm not able to compare those 2 passwords.
Here is my class:
#EqualsAndHashCode(includes='username')
#ToString(includes='username', includeNames=true, includePackage=false)
class User implements Serializable {
private static final long serialVersionUID = 1
transient springSecurityService
String username
String password
String confirmPass
boolean enabled = true
boolean accountExpired
boolean accountLocked
boolean passwordExpired
User(String username, String password) {
this()
this.username = username
this.password = password
this.confirmPass = password
}
Set<Role> getAuthorities() {
UserRole.findAllByUser(this)*.role
}
// because of that I can't compare password and confirmPass
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService?.passwordEncoder ? springSecurityService.encodePassword(password) : password
}
static transients = ['springSecurityService']
static constraints = {
username blank: false, unique: true
password blank: false, size: 5..60, password: true, display: false, validator: { val, obj ->
if (!obj.id && !obj.password) {
return 'validation.user.password' // my message
}
}
confirmPass blank: // now I'm stuck here, I've tried isPasswordValid() but won't work cuz of 'salt' What shout go here?
}
static mapping = {
password column: '`password`'
}
}
What should I do to make it working(valid both password are same and then encoded password store in database).
This is my user class that has Spring Security on it
package rms
import java.util.Date;
import java.util.Set;
import enums.EmployeeStatus;
class User {
transient springSecurityService
String username
String password
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
String firstName
String lastName
String middleName
String contactNumber
String position
String emailAddress
String employeeID
Date dateOfBirth
EmployeeStatus employeeStatus
int age
byte [] picture
static hasMany = [employeeReport: EmployeeReport]
static constraints = {
picture maxSize:20* 1024 * 1024
dateOfBirth nullable: true
employeeStatus blank: false
position blank: false
contactNumber blank: false
emailAddress blank: false, matches: "([a-z0-9_.-]+)#([da-z.-]+).([a-z.]{2,6})", email: true
age min: 18
username blank: false, unique: true
password blank: false, password: true
}
static mapping = { password column: '`password`' }
Set<SecRole> getAuthorities() {
SecUserSecRole.findAllBySecUser(this).collect { it.secRole } as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
String toString(){
return "SecUser $username"
}
}
I tried this tag <sec:loggedInUserInfo field="username"/> and it works fine but this doesn't work <sec:loggedInUserInfo field="firstName"/>. It gives a
No such property: firstName for class: org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser
Is there any other way to display the other properties of the current logged in user?
The loggedInUserInfo can only access data from the "principal", which is typically an instance of GrailsUser. The data includes username, id, the assigned role names, and a few booleans about whether the user is enabled, the account is locked, etc. It's easy to subclass GrailsUser and create your own UserDetailsService and capture other data from the user domain class during authentication, and store that in the GrailsUser subclass to make it available to this tag; see http://grails-plugins.github.io/grails-spring-security-core/docs/manual.1273/guide/11%20Custom%20UserDetailsService.html for more info.
This works well if the data is read-only since it will be cached until the user logs out or the session expires. If the data that you want to display can change, retrieve the user instance and add it to the model map you return from the controller action:
class MyController {
def springSecurityService
def theAction() {
...
def user = springSecurityService.currentUser
[user: user, foo: 5, bar: "whatever", ...]
}
}
and then you can display whatever you want in the GSP, e.g. ${user.firstName}
i'm using Grails 2.1.1 in my project, right now i'm using springSecurityService.currentUser to get user credential, etc.
in the past 2 days, my project need some CMS extension and i've stumbled upon Weceem plugins.
set things here and there, in the end my project with Weceem plugins is now running, but getting Null Pointer Exception each time the springSecurityService.currentUser method is called.
Without weceem grails-plugin everything is running fine, so i assume there's some settings that i need to make. the question is where and what?
this is my user class
class User {
transient springSecurityService
String username
String password
boolean enabled = true
boolean accountExpired = false
boolean accountLocked = false
boolean passwordExpired = false
Person person
static hasOne = [Person]
static hasMany = [roles: Role]
static constraints = {
username blank: false, unique: true
password blank: false
}
static mapping = {
password column: '`password`'
}
Set<Role> getAuthorities() {
roles as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}}
and this is my controller that called the springSecurityService
//show the list of all person
def list = {
//get all the sorting params
params.sort = params.sort ?: 'firstName'
params.order = params.order ?: 'asc'
params.max = params.max ?: 10
params.offset = params.offset ?: 0
def test = springSecurityService.getCurrentUser()
def personList = Person.createCriteria().list (max: params.max, offset: params.offset) {
if (springSecurityService.currentUser.person.affiliate.value != 'Admin'){
eq("affiliate", springSecurityService.currentUser.person.affiliate)
eq("deleted", false)
}
order(params.sort, params.order)
}
render view:'list', model:[persons: personList, personTotal: personList.totalCount]
}
I have the following class
class SentryUser {
transient springSecurityService
String userName
String password
boolean enabled
boolean accountExpired = false
boolean accountLocked = false
boolean passwordExpired = false
static constraints = {
userName blank: false, unique: true
password blank: false
}
static mapping = {
password column: '`password`'
}
Set<SentryRole> getAuthorities() {
SentryUserSentryRole.findAllBySentryUser(this).collect { it.sentryRole } as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
}
I'm calling the following code in bootstrap
def admin = new SentryUser(userName: "sample#sample.com",
enabled: true).save(failOnError: true)
and getting the following error
context.GrailsContextLoader Error executing bootstraps: groovy.lang.MissingMethodException: No signature of method: SentryUser.save() is applicable for argument types: () values: []
I'm on grails 2.1.1 and using the spring security plugin.
You're calling save(Map) but the MME is complaining about save() with no arguments. I've seen this discrepancy before when I didn't have any persistence plugins (hibernate/mongodb) installed in my application - it was a plugin project that I was trying to run as a standalone app and the default BuildConfig for a new plugin project doesn't include a dependency on hibernate.