Problem authenticating with shiro in grails app
I have a grails 1.2 app and I want to u开发者_开发技巧se declarative security in order to restrict accesses based on roles. I decided to try shiro, installed the plugin, but when I try to authenticate, the message "Invalid username and/or password" shows up in the header. I check the db entry and the user is there with the sha'ed password. No messages are shown neither in the console nor in the stacktrace file. I added "warn 'org.jsecurity'" to Config.groovy with no results. Any hints/tricks to troubleshoot this ?
I ran into this problem as well... how are you saving the password for the user? After running quick start I followed the example on the Shiro plugin page and added the code below to my bootstrap init method:
import org.apache.shiro.crypto.hash.Sha512Hash
def user = new ShiroUser(username: "user123", passwordHash: new Sha512Hash("password").toHex())
user.save()
I would attempt to login and would continue to get a login failed. So I tried
def user = new ShiroUser(username:'admin', passwordHash:new Sha256Hash("admin").toHex())
user.save()
After changing from Sha512Hash to Sha256Hash... I was able to login!
UPDATE: Just created a new app with default Shiro Plugin settings after running 'quick-start'. If you are to create a user, you are going to want to use Sha256Hash out of the box. However, you can use Sha512Hash or Sha1Hash by adding the bean to your resources.groovy file for Spring.
Example for Sha512Hash:
beans = {
bean {
credentialMatcher(Sha512CredentialsMatcher) {
storedCredentialsHexEncoded = true
}
}
}
Did you run the quick-start? Are you using the default database realm?
I would debug through the Realm you're using and see what's going on.
I can't help with the shiro troubleshooting, but if you're looking for a more powerful solution you might want to check out nimble. It's based on shiro and offers a lot of additional features and flexibility.
You can install the latest with:
grails install-plugin nimble 0.4-SNAPSHOT
nimble documentation
加载中,请稍侯......
精彩评论