Question
I'm using SpringSecurity 2.0-RC2 and want to give users the possibility to change their passwords while they are online.
My User domain class has the following:
def beforeInsert() {
    encodePassword()
}
def beforeUpdate() {
    if (isDirty('password')) {
        encodePassword()
    }
}
protected void encodePassword() {
    password = springSecurityService.encodePassword(password)
}
To check whether the user was entering the correct current password, I was doing the following in a controller:
if (springSecurityService.encodePassword(params.currentPassword) == user.password) {
... but surprisingly (for me) the check always fails. Even more strange, if I'm doing this:
println springSecurityService.encodePassword(params.currentPassword)
println springSecurityService.encodePassword(params.currentPassword)
I receive the following in the console:
$2a$10$sWt7mUSHPFT.Np6m.gXyl.h8tWqblJbwtzQ6EQeMHxXMoGwOffC3e
$2a$10$lwHz1SkNlW8ibznt.mOiruAg5eG/BTtsjM7ChyYVBvamRcrL8tucm
(like there would be a salt - but I didn't configure one myself)
My settings are more or less the default settings, except the package names of the three domain classes.
As the documentation has been down for several days, I'm asking here if somebody has an idea what I'm doing wrong...
Answer 1:
Try this
def passwordEncoder
...
passwordEncoder.isPasswordValid(user.password, params.currentPassword, null)
See this post for more detail.
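
The following is an added example, not part of the original question or answers. It shows why two encodings of the same password differ under bcrypt (the `$2a$10$` format in the console output above) and why verification has to go through the encoder. It assumes spring-security-crypto is on the classpath; the sample password and the helper name `currentPasswordMatches` are constructed for illustration.

```groovy
import org.springframework.security.crypto.bcrypt.BCrypt
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

def encoder = new BCryptPasswordEncoder()      // default cost 10, output starts with $2a$10$
String raw = 'correct horse battery'           // constructed sample password

// Every encode() call draws a fresh random salt, so two encodings of the
// same password never compare equal. This is the behaviour seen in the question.
String stored = encoder.encode(raw)
String again  = encoder.encode(raw)
assert stored != again

// The salt is not a separate setting: it is embedded in the stored value.
// Layout: '$2a$' + 2-digit cost + '$' + 22 salt chars + 31 hash chars = 60 chars.
assert stored.length() == 60
String saltPart = stored.substring(0, 29)      // prefix, cost and salt

// Re-hashing the candidate with the salt taken from the stored value
// reproduces the stored value exactly.
assert BCrypt.hashpw(raw, saltPart) == stored
assert BCrypt.hashpw('wrong guess', saltPart) != stored

// Hypothetical helper for a change-password action: verify the submitted
// current password against the stored hash instead of re-encoding it and
// comparing strings with ==.
boolean currentPasswordMatches(BCryptPasswordEncoder enc, String candidate, String storedHash) {
    // matches() extracts the salt from storedHash, re-hashes the candidate
    // and compares the two results.
    enc.matches(candidate, storedHash)
}

assert currentPasswordMatches(encoder, raw, stored)
assert currentPasswordMatches(encoder, raw, again)   // both stored forms verify
assert !currentPasswordMatches(encoder, 'wrong guess', stored)
```
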
Answer 2:
def springSecurityService
if (user.password == springSecurityService.encodePassword(params.currentPassword)) {
    println("User Password and params password is same")
} else {
    println("User Password and params password are not equal")
}
Source: https://stackoverflow.com/questions/24115991/grails-spring-security-how-to-compare-passwords