grails - Authentication failing - Grails unable to provide credentials

Tags: grails spring-security

I have already created the users and roles in Bootstrap.groovy.

def user = new User(username:"name", password:"pass",email:"email@gmail.rr",enabled:true).save()

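I have checked every username and password directly in the database.
For testing purposes I even removed the encoding.
However, when I try to log in I get this message (I added some additional logging)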

2014-01-27 22:49:04,480 [http-bio-8090-exec-3] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}'
2014-01-27 22:49:04,480 [http-bio-8090-exec-4] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}'
2014-01-27 23:06:19,654 [http-bio-8090-exec-7] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}'
2014-01-27 23:06:19,833 [http-bio-8090-exec-8] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}'
authentication grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc4a600: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: grails.anonymous.user; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 951C58071D49B3E3AB6D55C158C46B43; Granted Authorities: ROLE_ANONYMOUS is NOT logged in
2014-01-27 23:06:29,147 [http-bio-8090-exec-9] DEBUG authentication.RequestHolderAuthenticationFilter - Request is to process authentication
2014-01-27 23:06:30,115 [http-bio-8090-exec-9] DEBUG authentication.RequestHolderAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2014-01-27 23:06:30,115 [http-bio-8090-exec-9] DEBUG authentication.RequestHolderAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
2014-01-27 23:06:30,115 [http-bio-8090-exec-9] DEBUG authentication.RequestHolderAuthenticationFilter - Delegating to authentication failure handler grails.plugin.springsecurity.web.authentication.AjaxAwareAuthenticationFailureHandler@df9533
2014-01-27 23:06:30,116 [http-bio-8090-exec-9] DEBUG authentication.AjaxAwareAuthenticationFailureHandler - Redirecting to /login/authfail?login_error=1
2014-01-27 23:06:30,165 [http-bio-8090-exec-10] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}'
authentication failed!!!!
2014-01-27 23:06:30,235 [http-bio-8090-exec-10] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}'
authentication grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc4a600: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: grails.anonymous.user; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 951C58071D49B3E3AB6D55C158C46B43; Granted Authorities: ROLE_ANONYMOUS is NOT logged in



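What do you understand from this stack trace? If more information is needed, I won't hesitate to provide it :)

From what I see in the logs, when I try to log in with an admin user that was created and verified in the database, Spring Security tries to log in with the anonymous user, which cannot access these pages.
Here is some more of the Spring Security configuration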
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
]
grails.plugin.springsecurity.interceptUrlMap = [
    '/candidate/*': ['ROLE_ADMIN'],
]

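Best answer

There isn't much to go on here :) It only says the password is wrong.

Since you didn't mention that this is an upgrade from 1.2.x to 2.x of the plugin, there shouldn't be a configuration problem. If it is, and you haven't made any configuration changes, you would have old passwords hashed with SHA-256 but would be comparing them against bcrypt-hashed passwords. Also, even if you configure it to use SHA-256, the number of hash iterations changed from 1 to 10000, so you would need grails.plugin.springsecurity.password.hash.iterations = 1 in Config.groovy

So my guess is that you are explicitly hashing the password in BootStrap.groovy, e.g.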

def user = new User(username: 'me', enabled: true, password: springSecurityService.encodePassword('super_secret')).save()

But the generated user class hashes it for you automatically, so it is hashed twice. If that's what you are doing, change the BootStrap code to
def user = new User(username: 'me', enabled: true, password: 'super_secret').save()
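
The double hashing and the iteration-count mismatch described in the answer, as an added example that is not part of the original answer or the plugin's code. `DemoUser`, `sha256Hex` and `loginSucceeds` are hypothetical names, and the unsalted iterated SHA-256 routine is a simplified stand-in for the plugin's encoder.

```groovy
import java.security.MessageDigest

// Simplified, unsalted stand-in for an iterated SHA-256 encoder (assumption, not plugin code).
String sha256Hex(String raw, int iterations) {
    MessageDigest md = MessageDigest.getInstance('SHA-256')
    byte[] digest = md.digest(raw.getBytes('UTF-8'))
    for (int i = 1; i < iterations; i++) {
        digest = md.digest(digest)          // re-hash the previous digest
    }
    digest.encodeHex().toString()
}

// Hypothetical stand-in for the generated User class: save() hashes whatever
// is in 'password', as the answer says the generated class does automatically.
class DemoUser {
    String username
    String password
    Closure<String> encoder

    DemoUser save() {
        password = encoder.call(password)
        this
    }
}

// Login check: hash the submitted password and compare it with the stored value.
boolean loginSucceeds(DemoUser user, String submitted, Closure<String> encoder) {
    MessageDigest.isEqual(user.password.bytes, encoder.call(submitted).bytes)
}

Closure<String> oneIteration = { String raw -> sha256Hex(raw, 1) }
Closure<String> tenThousand = { String raw -> sha256Hex(raw, 10000) }

// Case 1: BootStrap passes the plain password; it is hashed once on save.
def good = new DemoUser(username: 'me', password: 'super_secret', encoder: oneIteration).save()
assert loginSucceeds(good, 'super_secret', oneIteration)

// Case 2: BootStrap hashes explicitly, then save() hashes the hash again.
def twice = new DemoUser(username: 'me', password: oneIteration.call('super_secret'),
                         encoder: oneIteration).save()
assert !loginSucceeds(twice, 'super_secret', oneIteration)   // surfaces as "Bad credentials"

// Case 3: stored with 1 iteration, verified with 10000 iterations.
assert !loginSucceeds(good, 'super_secret', tenThousand)
println 'plain: accepted, double-hashed: rejected, iteration mismatch: rejected'
```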

Regarding grails - Authentication failing - Grails unable to provide credentials, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/21392835/
