In Grails 3.0, how do you specify that Spring Boot Security should use BCrypt for password encoding?
The following lines should provide a sense of what I think needs to be done (but I'm mostly just guessing):
import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
PasswordEncoder passwordEncoder
passwordEncoder(BCryptPasswordEncoder)
My application loads spring-boot-starter-security
as a dependency:
build.gradle
dependencies {
...
compile "org.springframework.boot:spring-boot-starter-security"
And I have a service wired up for userDetailsService
using:
conf/spring/resources.groovy
import com.example.GormUserDetailsService
import com.example.SecurityConfig
beans = {
webSecurityConfiguration(SecurityConfig)
userDetailsService(GormUserDetailsService)
}
I have the following code in grails-app/conf/spring/resources.groovy
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
beans = {
bcryptEncoder(BCryptPasswordEncoder)
}
and I have a java file which does the configuration as described by spring-security
. It should be possible to do it in groovy too, but I did it in java.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
BCryptPasswordEncoder bcryptEncoder;
@Autowired
UserDetailsService myDetailsService
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// userDetailsService should be changed to your user details service
// password encoder being the bean defined in grails-app/conf/spring/resources.groovy
auth.userDetailsService(myDetailsService)
.passwordEncoder(bcryptEncoder);
}
}