Grails 3: I am unable to log in successfully using spring-security. I create the username and password in the BootStrap `def init = { servletContext ->` closure. Code example below.
Error type: http://localhost:8080/login/auth?login_error=1
dependency: compile 'org.grails.plugins:spring-security-core:3.1.2'
HTML Code
<%-- Login form rendered by the LoginController auth action; postUrl is supplied by that action's model. --%>
<body>
<div class="login-form">
<form action='${postUrl}' method='POST' id='loginForm'>
<h2 class="text-center">Log in</h2>
<div class="form-group">
<%-- NOTE(review): the credential field names below are hard-coded. The auth action also passes usernameParameter and passwordParameter in the model; using ${usernameParameter} / ${passwordParameter} as the name attributes keeps this form in step with the plugin configuration. --%>
<input type="text" class="form-control" name='j_username' id="j_username" placeholder="Username" required="required">
</div>
<div class="form-group">
<input type="password" class="form-control" name='j_password' id='j_password' placeholder="Password" required="required">
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary btn-block">Log in</button>
</div>
<div class="clearfix">
<%-- NOTE(review): this checkbox has no name attribute, so its state is never submitted with the form; the model's rememberMeParameter is the name the action provides for it. --%>
<label class="pull-left checkbox-inline"><input type="checkbox"> Remember me</label>
<a href="#" class="pull-right">Forgot Password?</a>
</div>
</form>
<p class="text-center"><a href="${createLink(controller: 'login', action: 'newRegister')}">Create an Account</a></p>
</div>
</body>
</html>
Login controller and methods
@Secured('permitAll')
class LoginController {
AuthenticationTrustResolver authenticationTrustResolver
def springSecurityService
/**
 * Default action: sends a logged-in user to the configured default target URL and
 * everyone else to the login form.
 */
def index() {
    if (!springSecurityService.isLoggedIn()) {
        // Not authenticated: show the login form, forwarding the current request parameters.
        redirect action: 'auth', params: params
        return
    }
    // `conf` resolves to getConf(), i.e. the plugin's security configuration.
    redirect uri: conf.successHandler.defaultTargetUrl
}
/**
 * Renders the login form, or redirects an already authenticated user to the
 * configured default target URL.
 *
 * The model carries the URL the form must POST to and the parameter names taken
 * from the security configuration (username, password, remember-me).
 */
def auth() {
    def securityConf = getConf()

    if (springSecurityService.isLoggedIn()) {
        redirect uri: securityConf.successHandler.defaultTargetUrl
        return
    }

    // Context path + filter URL: the endpoint the login form submits to.
    String postUrl = request.contextPath + securityConf.apf.filterProcessesUrl

    // The view is expected to use these names for its input fields, so the form posts
    // the parameters the configuration names rather than hard-coded ones.
    Map viewModel = [
        postUrl            : postUrl,
        rememberMeParameter: securityConf.rememberMe.parameter,
        usernameParameter  : securityConf.apf.usernameParameter,
        passwordParameter  : securityConf.apf.passwordParameter
    ]
    render view: 'auth', model: viewModel
}
/**
 * Landing action after login: redirects to registerUser/index.
 *
 * NOTE(review): the controller is annotated @Secured('permitAll') and this action does
 * not check the login state itself, so access control has to be enforced on the
 * registerUser controller, which is not visible here. Confirm.
 */
def loginSuccess() {
    redirect controller: 'registerUser', action: 'index'
}
/**
 * Answers an unauthenticated AJAX request with HTTP 401 and names the AJAX login
 * form URL in the Location header.
 */
def authAjax() {
    response.setHeader('Location', conf.auth.ajaxLoginFormUrl)
    render status: HttpServletResponse.SC_UNAUTHORIZED, text: 'Unauthorized'
}
/**
 * JSON response for a successful AJAX login: a success flag plus the name of the
 * current Authentication.
 *
 * NOTE(review): `authentication` comes from getAuthentication(), which may yield null;
 * `.name` is not null-guarded here.
 */
def ajaxSuccess() {
    def payload = [success: true, username: authentication.name]
    render(payload as JSON)
}
/**
 * JSON response for an AJAX request that was denied access.
 */
def ajaxDenied() {
    def payload = [error: 'access denied']
    render(payload as JSON)
}
/**
 * @return the security configuration exposed by SpringSecurityUtils; the actions read it as `conf`
 */
protected ConfigObject getConf() {
    return SpringSecurityUtils.securityConfig
}
/**
 * @return the Authentication held by the current security context, or null when the
 *         context itself is null
 */
protected org.springframework.security.core.Authentication getAuthentication() {
    def securityContext = SecurityContextHolder.context
    return securityContext?.authentication
}
BootStrap.Groovy
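// Seeds the ROLE_ADMIN role and one admin account when the application starts.
// Every save uses failOnError: a plain save() returns null on a validation failure, so
// start-up would otherwise carry on without the account or its role and the only
// symptom would be a failing login.
def init = { servletContext ->
    ['ROLE_ADMIN'].each { String authority ->
        // Create the role only if it is not already stored.
        if (!Role.findByAuthority(authority)) {
            new Role(authority: authority).save(failOnError: true)
        }
    }

    // The username literal is kept exactly as the page shows it (the address appears to
    // have been obfuscated by the hosting site).
    if (!User.findByUsername('[email protected]')) {
        // NOTE(review): a fixed, guessable password for the admin account is acceptable only
        // for local development; outside of that, supply the initial password from
        // deployment configuration and require a change on first login.
        def adminUser = new User(username: '[email protected]', password: 'admin')
        adminUser.save(failOnError: true)

        // Link the new account to ROLE_ADMIN.
        def adminRole = Role.findByAuthority('ROLE_ADMIN')
        new UserRole(user: adminUser, role: adminRole).save(failOnError: true)
    }
}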
Application.Groovy
// Spring Security plugin settings, written in the nested configuration form.
grails {
    plugin {
        springsecurity {
            // Accept logout over GET as well as POST. With GET allowed, any cross-site link
            // or image pointing at the logout URL can end a user's session; keep logout
            // POST-only unless GET logout is really needed.
            logout.postOnly = false

            // Default URL after a successful login; it maps to the loginSuccess action
            // of the login controller.
            successHandler.defaultTargetUrl = '/login/loginSuccess'
        }
    }
}
Domain class
/**
 * Account record used for authentication: login name, password, optional profile
 * fields and the account-status flags. Equality, hashCode and toString are based on
 * username only.
 */
@GrailsCompileStatic
@EqualsAndHashCode(includes='username')
@ToString(includes='username', includeNames=true, includePackage=false)
class User implements Serializable {

    private static final long serialVersionUID = 1

    // Used to encode the password before it is stored; listed in transients below,
    // so it is not persisted with the record.
    SpringSecurityService springSecurityService

    String username
    String password
    String firstName
    String lastName
    String address
    String phoneNo
    String dateOfBirth
    boolean enabled = true
    boolean accountExpired
    boolean accountLocked
    boolean passwordExpired

    /**
     * @return the roles linked to this user through UserRole rows
     */
    Set<Role> getAuthorities() {
        List<UserRole> userRoles = UserRole.findAllByUser(this) as List<UserRole>
        userRoles*.role as Set<Role>
    }

    /** Encodes the password before the record is first inserted. */
    def beforeInsert() {
        encodePassword()
    }

    /** Re-encodes the password on update, but only when the password field changed. */
    def beforeUpdate() {
        if (!isDirty('password')) {
            return
        }
        encodePassword()
    }

    /**
     * Replaces the password with its encoded form when a password encoder is available.
     *
     * NOTE(review): when springSecurityService is null or has no passwordEncoder, the
     * password is left exactly as it was set, which means it is persisted unencoded and
     * without any error. A login then presumably fails as well, because the stored value
     * is not in the encoder's format. Confirm the service is actually injected into
     * domain instances in this Grails version.
     */
    protected void encodePassword() {
        String storedValue = springSecurityService?.passwordEncoder ?
            springSecurityService.encodePassword(password) : password
        password = storedValue
    }

    static transients = ['springSecurityService']

    static constraints = {
        username blank: false, unique: true
        password blank: false, password: true
        firstName nullable: true
        lastName nullable: true
        address nullable: true
        phoneNo nullable: true
        dateOfBirth nullable: true
        // Second constraint call for the same property; it adds nullable: false to the
        // password constraints declared above.
        password nullable: false
    }

    static mapping = {
        // Column name is quoted with backticks, presumably because `password` is a
        // reserved word in some databases.
        password column: '`password`'
    }
}
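Finally I got the solution.
The `name` attributes of the username and password inputs should be:
name='username'
name='password'
instead of
name='j_username'
name='j_password'
spring-security-core 3.x reads the credentials from the `username` and `password` request parameters by default, so a form that posts `j_username`/`j_password` is treated as a failed login (hence `login_error=1`). The `auth` action already puts `usernameParameter` and `passwordParameter` into the model, so the inputs can use name='${usernameParameter}' and name='${passwordParameter}' to stay in step with the configuration.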