
Problem authenticating with shiro in grails app


I have a Grails 1.2 app and I want to use declarative security to restrict access based on roles. I decided to try Shiro and installed the plugin, but when I try to authenticate, the message "Invalid username and/or password" shows up in the header. I checked the db entry and the user is there with the sha'ed password. No messages are shown in either the console or the stacktrace file. I added "warn 'org.jsecurity'" to Config.groovy with no results. Any hints/tricks to troubleshoot this?


Solution

  • I ran into this problem as well... how are you saving the password for the user? After running quick start I followed the example on the Shiro plugin page and added the code below to my bootstrap init method:

    import org.apache.shiro.crypto.hash.Sha512Hash
    
    def user = new ShiroUser(username: "user123", passwordHash: new Sha512Hash("password").toHex())
    user.save()
    

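    I would attempt to log in and would continue to get a login failure. So I tried

    import org.apache.shiro.crypto.hash.Sha256Hash

    // Same user setup, but hashed with SHA-256 instead of SHA-512
    def user = new ShiroUser(username:'admin', passwordHash:new Sha256Hash("admin").toHex())
    user.save()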
    

    After changing from Sha512Hash to Sha256Hash, I was able to log in!

    UPDATE: Just created a new app with default Shiro Plugin settings after running 'quick-start'. If you are to create a user, you are going to want to use Sha256Hash out of the box. However, you can use Sha512Hash or Sha1Hash by adding the bean to your resources.groovy file for Spring.

    Example for Sha512Hash:

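    // resources.groovy
    import org.apache.shiro.authc.credential.Sha512CredentialsMatcher

    beans = {
      bean {
        // Compare submitted passwords as SHA-512; stored hashes are hex strings
        credentialMatcher(Sha512CredentialsMatcher) {
          storedCredentialsHexEncoded = true
        }
      }
    }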
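
Added example, not part of the original answer or the plugin's code: a standalone Groovy check for the mismatch described above, where the stored hash and the credentials matcher use different algorithms. It assumes unsalted, single-iteration hex digests as in the snippets above; the names `hexDigest`, `algorithmOf` and `diagnose` are hypothetical, and `java.security.MessageDigest` stands in for the Shiro hash classes so the script runs without the plugin.

```groovy
import java.security.MessageDigest

// Unsalted, single-iteration digest as lower-case hex (assumption: this is
// how the password was stored, as with new Sha256Hash(password).toHex()).
String hexDigest(String algorithm, String password) {
    byte[] digest = MessageDigest.getInstance(algorithm).digest(password.getBytes('UTF-8'))
    return digest.encodeHex().toString()
}

// Infer the algorithm of a stored hash from its hex length.
String algorithmOf(String storedHex) {
    switch (storedHex.length()) {
        case 40:  return 'SHA-1'
        case 64:  return 'SHA-256'
        case 128: return 'SHA-512'
        default:  return null
    }
}

// Explain what happens when a matcher using matcherAlgorithm checks the
// given password against the stored hex value.
String diagnose(String storedHex, String password, String matcherAlgorithm) {
    String storedAlgorithm = algorithmOf(storedHex)
    if (storedAlgorithm == null) {
        return "stored value is not a hex SHA-1/256/512 digest (length ${storedHex.length()})"
    }
    if (storedAlgorithm != matcherAlgorithm) {
        return "mismatch: stored hash is ${storedAlgorithm}, matcher computes ${matcherAlgorithm}"
    }
    boolean same = hexDigest(matcherAlgorithm, password).equalsIgnoreCase(storedHex)
    return same ? 'match: login would succeed'
                : 'same algorithm, but wrong password or a salted/iterated hash'
}

// Constructed sample data: the two ways the answer above stored a password.
String stored512 = hexDigest('SHA-512', 'password')
String stored256 = hexDigest('SHA-256', 'admin')

// The default matcher uses SHA-256, per the answer's UPDATE.
println diagnose(stored512, 'password', 'SHA-256')   // the failing setup
println diagnose(stored256, 'admin', 'SHA-256')      // the working setup
println diagnose(stored512, 'password', 'SHA-512')   // after configuring a SHA-512 matcher
```

Run against a real `passwordHash` column value, the length check alone tells you which matcher the stored credentials need before any login attempt is made.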