Home/ Questions/Q 6207759
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T05:41:23+00:00

I installed SpringSecurity Successfully, Upon user registration and verifying the user using Spring Security

  • 0

I installed SpringSecurity Successfully, Upon user registration and verifying the user using Spring Security UI’ RegisterController closures, I can see the user is successfully logged in using the springSecurityService.reauthenticate.

However if I logout and try logging in using the auth screen provided by the spring security I always get the http://:port/spoofsecurity/login/auth?login_error=1

I can see in the database that the user is there and unlocked, and enabled.

Appreciate any thoughts as why I get that login failure.

Thanks

My Config.groovy entry

    grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.srisris.spoofsecurity.auth.SchemeUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.srisris.spoofsecurity.auth.SchemeUserRole'
grails.plugins.springsecurity.authority.className = 'com.srisris.spoofsecurity.auth.SchemeRole'
//grails.plugins.springsecurity.password.algorithm='SHA-512'
grails.plugins.springsecurity.securityConfigType = SecurityConfigType.Annotation
//grails.plugins.springsecurity.securityConfigType = SecurityConfigType.Requestmap
//grails.plugins.springsecurity.requestMap.className = 'com.srisris.spoofsecurity.auth.Requestmap' 
//grails.plugins.springsecurity.useSwitchUserFilter = true
grails.plugins.springsecurity.securityConfigType = SecurityConfigType.Annotation

LoginController.groovy

    import grails.converters.JSON

import javax.servlet.http.HttpServletResponse

import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

import org.springframework.security.authentication.AccountExpiredException
import org.springframework.security.authentication.CredentialsExpiredException
import org.springframework.security.authentication.DisabledException
import org.springframework.security.authentication.LockedException
import org.springframework.security.core.context.SecurityContextHolder as SCH
import org.springframework.security.web.WebAttributes
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

class LoginController {

    /**
     * Dependency injection for the authenticationTrustResolver.
     */
    def authenticationTrustResolver

    /**
     * Dependency injection for the springSecurityService.
     */
    def springSecurityService

    /**
     * Default action; redirects to 'defaultTargetUrl' if logged in, /login/auth otherwise.
     */
    def index = {
        if (springSecurityService.isLoggedIn()) {
            redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl
        }
        else {
            redirect action: auth, params: params
        }
    }

    /**
     * Show the login page.
     */
    def auth = {

        def config = SpringSecurityUtils.securityConfig

        if (springSecurityService.isLoggedIn()) {
            redirect uri: config.successHandler.defaultTargetUrl
            return
        }

        String view = 'auth'
        String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
        render view: view, model: [postUrl: postUrl,
                                   rememberMeParameter: config.rememberMe.parameter]
    }

    /**
     * The redirect action for Ajax requests. 
     */
    def authAjax = {
        response.setHeader 'Location', SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl
        response.sendError HttpServletResponse.SC_UNAUTHORIZED
    }

    /**
     * Show denied page.
     */
    def denied = {
        if (springSecurityService.isLoggedIn() &&
                authenticationTrustResolver.isRememberMe(SCH.context?.authentication)) {
            // have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
            redirect action: full, params: params
        }
    }

    /**
     * Login page for users with a remember-me cookie but accessing a IS_AUTHENTICATED_FULLY page.
     */
    def full = {
        def config = SpringSecurityUtils.securityConfig
        render view: 'auth', params: params,
            model: [hasCookie: authenticationTrustResolver.isRememberMe(SCH.context?.authentication),
                    postUrl: "${request.contextPath}${config.apf.filterProcessesUrl}"]
    }

    /**
     * Callback after a failed login. Redirects to the auth page with a warning message.
     */
    def authfail = {

        def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
        String msg = ''
        def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
        if (exception) {
            if (exception instanceof AccountExpiredException) {
                msg = SpringSecurityUtils.securityConfig.errors.login.expired
            }
            else if (exception instanceof CredentialsExpiredException) {
                msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired
            }
            else if (exception instanceof DisabledException) {
                msg = SpringSecurityUtils.securityConfig.errors.login.disabled
            }
            else if (exception instanceof LockedException) {
                msg = SpringSecurityUtils.securityConfig.errors.login.locked
            }
            else {
                msg = SpringSecurityUtils.securityConfig.errors.login.fail
            }
        }

        if (springSecurityService.isAjax(request)) {
            render([error: msg] as JSON)
        }
        else {
            flash.message = msg
            redirect action: auth, params: params
        }
    }

    /**
     * The Ajax success redirect url.
     */
    def ajaxSuccess = {
        render([success: true, username: springSecurityService.authentication.name] as JSON)
    }

    /**
     * The Ajax denied redirect url.
     */
    def ajaxDenied = {
        render([error: 'access denied'] as JSON)
    }
}

auth.jsp

 <head>
    <meta name='layout' content='main'/>
    <title>Login</title>
    <style type='text/css' media='screen'>

    #auth .flashMessage {
        text-align: center;
        margin: 5px 0 0 0;
    }

    #auth {
        padding: 5px 10px;
        text-align: left;
        width: 300px;
        border-width: 1px;
        border-style: dashed none;
        border-color: #49d;
    }

    #auth table {
        width: 100%;
    }

    #auth table tr:first-child td {
        border: 0;
    }

    #auth h1 {
        font-size: 1.4em;
        margin-bottom: 0;
        text-align: center;
    }

    #auth td {
        border-top: 1px dashed gray;
        vertical-align: middle;
        padding: 5px 0;
    }

    #auth label {
        font-weight: bold;
    }

    #auth input[type="submit"] {
        font-size: 1em;
        width: 100px;
        height: 2em;
    }

    #auth .submit {
        text-align: center;
    }

    .forgot{
        margin: 0;
        text-align: center;
    }
    </style>
</head>

<body>
    <div id='auth'>
        <cap:flashMessage/>
        <form action='${postUrl}' method='POST' id='loginForm' autocomplete='off' onsubmit="return formSubmit();">
            <table cellpadding="0" cellspacing="0">
                <tr>
                    <td colspan="2"><h1>Please Login</h1></td>
                </tr>
                <tr>
                    <td><label for='username'>Email</label></td>
                    <td><input type='text' name='j_username' id='username'/></td>
                </tr>
                <tr>
                    <td><label for='password'>Password</label></td>
                    <td><input type='password' name='j_password' id='password'/></td>
                </tr>
                <tr>
                    <td><label for='remember_me'>Remember Me</label></td>
                    <td><input type='checkbox' name='${rememberMeParameter}'
                            id='remember_me' ${hasCookie ? "checked='checked'" : ''}/></td>
                </tr>
                <tr>
                    <td colspan="2" class="submit"><input type='submit' value='Login'/></td>
                </tr>
            </table>
        </form>
        <p class="forgot"><g:link action="forgotPassword">Forgot your password?</g:link></p>
    </div>
    <script type='text/javascript'>

        (function() {
            document.forms['loginForm'].elements['j_username'].focus();
        })();
        function formSubmit() {
            var e = document.getElementById("username");
            e.value = e.value.toLowerCase();
            return true;
        }
    </script>
</body>

UPDATE 1:

Alright when I debugged this is what I see in my stacktrace. Fail to understand I am using the same password that I stored while registering the user. 

2011-07-31 10:09:55,463 [http-8090-1] DEBUG dao.DaoAuthenticationProvider  - Authentication failed: password does not match stored value 
2011-07-31 10:09:55,463 [http-8090-1] DEBUG rememberme.TokenBasedRememberMeServices  - Interactive login attempt was unsuccessful. 
2011-07-31 10:09:55,463 [http-8090-1] DEBUG rememberme.TokenBasedRememberMeServices  - Cancelling cookie 
2011-07-31 10:09:55,504 [http-8090-1] DEBUG web.DefaultRedirectStrategy  - Redirecting to '/wr/login/authfail?login_error=1' 
2011-07-31 10:09:55,504 [http-8090-1] DEBUG context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed 
2011-07-31 10:09:55,537 [http-8090-1] DEBUG web.FilterChainProxy  - Converted URL to lowercase, from: '/login/authfail'; to: '/login/authfail' 
2011-07-31 10:09:55,537 [http-8090-1] DEBUG web.FilterChainProxy  - Candidate is: '/login/authfail'; pattern is /**; matched=true
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I found my mistake, I wish I knew how to use those debug in log4j. It was such a trivial but costed me lot of time and effort.

    The issue was I encrypted the password using springSecurityService.encrypt(password), but didnt set that in the User object that I created and hence there was a mismatch in password comparisions and fails.

    • 0