I have Grails app with spring-security-core plugin. In my conf/spring/resources.groovy file I defined
import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder
beans = {
passwordEncoder(PlaintextPasswordEncoder)
}
so I can save plain text passwords in MySql DB like it was explained here Spring security no password encoding
in views/login/auth.gsp I also added in <head> block
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
and in Datasource.groovy
url = "jdbc:mysql://localhost:3306/blabla?useUnicode=true&characterEncoding=utf8"
I created User with username = ččč and password = ččč succesfully , but when I try to login with this user I get login error "Sorry, we were not able to find a user with that username and password." I checked database and user exists with those field values.
I tried to login with some other user that has username = admin , password = admin , and it works fine.
So I guess that it has something to do with j_username and j_password not accepting non-English characters ... How to enable login form fields to accept utf-8 character set?
I have:
Grails 1.3.7
Spring-Security-Core 1.2.6
STS 2.8.1
mysql-connector-java-5.1.18
Windows 7
First advice: don't use plaintext passwords. Second advice: check what SQL queries are sent to database. You need this in your Config.groovy to see Hibernate statements and its parameter values:
log4j = {
debug 'org.hibernate.SQL'
trace 'org.hibernate.type'
}
Related
i'm using Grails 2.5.1 and mail:1.0.7 plugin to send emails , but when i'm using it i always getting the bellow error :
Class:javax.mail.AuthenticationFailedExceptionMessage:535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 https://support.google.com/mail/answer/14257 qq4sm4579366wjc.14 - gsmtp
although i can login with the provided credentials successfully from the browser !!
here are my configurations in the Config file :
grails {
mail {
host = "smtp.gmail.com"
port =465
username = "****"
password = "***"
props = ["mail.smtp.auth":"true",
"mail.smtp.socketFactory.port":"465",
"mail.smtp.socketFactory.class":"javax.net.ssl.SSLSocketFactory",
"mail.smtp.socketFactory.fallback":"false"]
}
}
and here is the action :
mailService.sendMail{
to userInstance.toEmail
subject userInstance.subject
html "<strong>Test</strong> "
}
anything i'm missing ?
It may be because of gmail's security feature for less secure apps to get authenticated. Just turn on the access for less secure apps.
Follow below steps:
1 Login to your gmail account
2 Access the url:
https://www.google.com/settings/security/lesssecureapps
3 Select "Turn on"
If you have gmail - settings for plugin are correct (i have the same and they are working) , but if your email is not gmail you must have other config.
By the way if you gmail :
Username and Password not accepted.
your username or password is wrong, try to login with this Username and password, watch out for register of letters.
https://grails.org/plugin/mail
1.
I have setup a CAS server up and running at port: 8443 url -> https://ekansh/cas.
I can see the login page and i am successfully able to login using mysql database user table credentials. and even logout and see status.
I created a demo grails app, installed spring security plugin and created user role mappings by s2-quickstart. and scaffolding domains.
I added the
compile ":spring-security-core:2.0-RC4"
compile ":spring-security-cas:2.0-RC1"
dependencies.
Added configurations in Config.grovy
grails.plugin.springsecurity.cas.active = true
grails.plugin.springsecurity.cas.loginUri = '/login'
grails.plugin.springsecurity.cas.sendRenew = false
grails.plugin.springsecurity.cas.serviceUrl = 'http://ekansh:8095/app1/j_spring_cas_security_check'
grails.plugin.springsecurity.cas.serverUrlEncoding = 'UTF-8'
grails.plugin.springsecurity.cas.key = 'grails-spring-security-cas'
grails.plugin.springsecurity.cas.artifactParameter = 'ticket'
grails.plugin.springsecurity.cas.serviceParameter = 'service'
grails.plugin.springsecurity.cas.filterProcessesUrl = '/j_spring_cas_security_check'
grails.plugin.springsecurity.cas.proxyCallbackUrl = 'http://ekansh:8095/app1/secure/receptor'
grails.plugin.springsecurity.cas.useSingleSignout = true
grails.plugin.springsecurity.cas.serverUrlPrefix = 'https://ekansh:8443/cas'
grails.plugin.springsecurity.cas.proxyCallbackUrl = 'http://ekansh:8095/app1/secure/receptor'
grails.plugin.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'
grails.plugin.springsecurity.logout.afterLogoutUrl ='https://ekansh:8443/cas/logout?url=http://ekansh:8095/app1/'
grails.plugin.springsecurity.providerNames = ['casAuthenticationProvider']
Nw when i run this app, i get redirected to cas server page, i enter the credentials, it logs me into cas server, but it sends me to the spring security login page with message that
Sorry, we were not able to find a user with that username and password. And i am not even able to sign in to the application from this point.
What am i missing ? Why am i getting spring security login page.
I also found that when i comment line grails.plugin.springsecurity.providerNames = ['casAuthenticationProvider'], i am able to login to the system. I have not altered the casAuthenticationProvider.
Any help would be appriciated.
I found the answer to my question after a lot of research. Basically i did mess up with the configurations of the cas server.
The user was getting logged into the cas server but a ticket was not being generated for the same user, thus it was still sending a user not authenticated response back to the application and spring security, was redirecting to the login page.
I am using the following code in my logout button :
<a id="login-control-logout" href="${createLink(controller:'LicGenerator', action:'logout')}"><i class="icon-off"></i> Logout</a></li>
Inside my controller, I am using the following code :
def logout() {
request.getSession().invalidate()
response.setHeader("Cache-Control","no-cache,no-store,must-revalidate")
response.setHeader("Pragma","no-cache")
response.setDateHeader("Expires", 0)
redirect(uri:'/login.html')
}
It goes to login.html, but when I enter the username and password again, it doesn't log me back in and throws an error
type Status report
message /LicGenerator/j_security_check
description The requested resource (/LicGenerator/j_security_check) is not available.
When I refresh the browser, I got this error :
type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
Also, the back button takes me to page even though I added cache control to response.
Simply invalidating your session for spring security is probably not advisable. As there is a SecuritySession which also has cookies. It may be better to use whats provided by spring security already.
import grails.plugin.springsecurity.SpringSecurityUtils
redirect uri: SpringSecurityUtils.securityConfig.logout.filterProcessesUrl
Then you can configure your default login url via the config options for the spring security plugin
I am just learning grails and have a problem with an app that works fine when I run it in Netbeans but shows strange behavior when deployed to Tomcat 7.0.22 on a Centos 5.4 server. I am using the proxy_ajp to make the app available with apache.
The problem seems to be with the session not being maintained after a redirect so that I lose the login information causing the app to try to login again.
My proxy_ajp settings are
<Location /PreyerBooks >
ProxyPass ajp://localhost:8011/PreyerBooks
ProxyPassReverse ajp://localhost:8011/PreyerBooks
</Location>
the app is deploying without errors and the connectivity to the database and LDAP is working. I tested this by logging in the authenticate method as follows
UserController - authentication function
def authenticate = {
def password=passhash(params.password)
log.info " login attempt ${params.login} - ${params.password} - ${password}"
def match = User.findAll(
directory: "user",
filter: "(&(uid=${params.login})(userpassword=${password}))"
)
log.info " match ${match}"
if (match) {
def user = Employee.findByLogin(params.login)
log.info " user ${user} - ${user?.role}"
if(user){
session.user = user
log.info "success"
flash.message = "Hello ${user.firstname}!"
redirect(controller:"Book", action:"index")
}else{
log.error "failed login attempt mismatch to ldap ${params.login}"
flash.message = "Sorry, ${params.login}. Please try again."
redirect(action:"login")
}
}else{
log.error "failed login attempt ${params.login} - ${params.password}"
flash.message = "Sorry, ${params.login}. Please try again."
redirect(action:"login")
}
}
BookController - auth function (checks if logged in)
def beforeInterceptor = [action:this.&auth, except:[]]
def auth() {
log.info "BookController:auth() ${session}"
if(!session.user) {
redirect(controller:"User", action:"login")
return false
}
log.info "BookController:auth() working"
return true
}
The log shows
INFO books.UserController - login attempt username - password - passwordhash
INFO books.UserController - match [de.preyer.books.User#d4a1cc]
INFO books.UserController - user username - admin
INFO books.UserController - success
INFO books.BookController - BookController:auth() Session Content:
The session.user variable has vanished. I checked the passwordhash and it correctly matches against the LDAP server (hence the object reference in match). This user is correctly found in the database where it gains its role.
I cannot access the app directly avoiding the apache ajp as the port is blocked in the firewall and I cannot open it. Thus I cannot test if the problem is in the ajp or tomcat in general
I have tried searching for the criteria specified as the title but find nothing relevant.
a) browser cookies are enabled and working, I tried Safari, Firefox and Chrome without success. I do not think this is a browser issue as the same browsers work with the app in NetBeans (using jetty I think)
b) I have set grails.serverURL = "http://servername/PreyerBooks" to the fully qualified domain
If I turn of the auth the app works.
I must be doing something wrong or have missed a step in the deployment.
Now I know I can include a plugin using Spring Core but this is overkill for my application and adds a further level of complexity to the debugging. I wish to get the current implementation working before moving on. The logic is copied from the Grails 2.1.0 documentation so it should work.
I read in httpSession that things must be serializable but if the example in the documentation does not work why does the app work when I run it in NetBeans?
I am at a loss. Any help would be much appreciated.
Use the spring-security-core plugin (or Shiro, or any established, proven security implementation). It's not complex, and rolling your own security is a quick path to getting hacked.
I'm currently working with Grails and the Spring Security plugin and trying to implement a password expiration workflow. I've configured the plugin as expected:
grails.plugins.springsecurity.failureHandler.exceptionMappings = [
'org.springframework.security.authentication.CredentialsExpiredException': '/login/passwordExpired'
]
and in my passwordExpired action if I call:
def username = session['SPRING_SECURITY_LAST_USERNAME']
then in the username the HTML special characters are going to be escaped like
my_user => my_user
my-user => my-user
Is it possible to turn this escaping off?
Ritesh mentioned here spring_security_last_username that the SPRING_SECURITY_LAST_USERNAME is deprecated, so what else can I use?
For any help, thanks in advance!
The String 'SPRING_SECURITY_LAST_USERNAME' isn't deprecated - the old constant with that value is and has been moved with a new name but the same value. So your code will continue to be valid.
Rather than changing things to not escape, you can un-escape easily:
import org.apache.commons.lang.StringEscapeUtils
...
String username = StringEscapeUtils.unescapeHtml(session['SPRING_SECURITY_LAST_USERNAME'])
You don't need to use a tool. Use Grails HTML codec:
username = session['SPRING_SECURITY_LAST_USERNAME']?.decodeHTML()