Home/ Questions/Q 5848515
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T12:52:11+00:00

In grails I can set the password field to have a minimum size constraint

  • 0

In grails I can set the password field to have a minimum size constraint of 5 (arbitrary). The problem is that I use spring security service to encode my password and the encoded/encrypted password is much longer than 5 characters almost no matter what value I put in.

Another forum response suggested doing that validation in the save method. Has anyone else tackled this problem and knows a way around it?

Spring security does not provide a decode method (probably for security purposes)… so I guess one idea would be to get a different password encoder that could decode the password for validation purposes… but my instinct says that spring security leaves this out for a good reason and maybe I should too…

static constraints = {
    username(blank: false, unique: true)
    password(minSize: 5, blank: false, unique: true,
        validator: { passwd, user ->
            return passwd != user.username
    })
    passwordRepeat(nullable: false,
    validator: { passwd2, user ->
        return passwd2 == user.password 
    })
}

So I’m using the static constraints to validate as most other variables are validated this way.

My apologies for the unreadable comment.

Thank you,
-Asaf

Edit: I think a simple fix is as mentioned above, doing the validation in the save method (before encryption), but I just feel like someone somewhere must have had to deal with this issue before. I mean there’s so many websites that require passwords and that yell at you if it’s too short, if it doesn’t contain both lowercase and uppercase letters, if it doesn’t have a symbol… How do all of them do the various validation methods they use?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    you can’t decode what Spring Security encodes… That’s md5 or sha-256 !!! That’s exactly the purpose of the crypting process. Then, you can’t know what’s the password even if the databases files are stolen

    To validate passwords, you need to prompt the user for a clear one, (transmit in https, please) and then encode it with the same algorithm. Then, you have to compare it to the encoded password you stored

    Use the class DigestUtils to encode your received password with the same algorithm used the first time. This is a Spring Security Config grails.plugins.springsecurity.password.algorithm

    And yes, you have to validate before saving… For that we have added a metaclass in Bootstrap

    String.metaClass.validateAsPassword

    to have a unique point from which validating our passwords before saving them

    • 0