Configuring Spring Boot Security to use BCrypt password encoding in Grails 3.0

grails spring-security spring-boot bcrypt grails-3.0
Dem Pilafian picture Dem Pilafian · May 27, 2015 · Viewed 14.3k times · Source

In Grails 3.0, how do you specify that Spring Boot Security should use BCrypt for password encoding?

The following lines should provide a sense of what I think needs to be done (but I'm mostly just guessing):

import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

PasswordEncoder passwordEncoder

passwordEncoder(BCryptPasswordEncoder)

My application loads spring-boot-starter-security as a dependency:

build.gradle

dependencies {
   ...
   compile "org.springframework.boot:spring-boot-starter-security"

And I have a service wired up for userDetailsService using:

conf/spring/resources.groovy

import com.example.GormUserDetailsService
import com.example.SecurityConfig

beans = {
   webSecurityConfiguration(SecurityConfig)
   userDetailsService(GormUserDetailsService)
   }

Answer

Julian Ooi picture Julian Ooi · May 31, 2015

I have the following code in grails-app/conf/spring/resources.groovy

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

beans = {
    bcryptEncoder(BCryptPasswordEncoder)
}

and I have a java file which does the configuration as described by spring-security. It should be possible to do it in groovy too, but I did it in java.

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    BCryptPasswordEncoder bcryptEncoder;

    @Autowired
    UserDetailsService myDetailsService

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // userDetailsService should be changed to your user details service
            // password encoder being the bean defined in grails-app/conf/spring/resources.groovy
            auth.userDetailsService(myDetailsService)
                .passwordEncoder(bcryptEncoder);
    }
}

Related questions

Client does not have permissions to send as this sender (office 365, grails)

I am continuously receiving following error message while trying to configure grails mail plugin (https://grails.org/plugin/mail) for grails spring security plugin. Here is my configuration looks so far, grails { mail { host = "smtp.office365.com" port = 587 username = "info@…

Read More
How to get current user role with spring security plugin?

I am using the spring-security-core plugin in my grails app. I need to know the current user's role in a controller action. How can I retrieve that?

Read More
Grails Spring Security: redirect after login success/failure

I'm using version 1.2 of the Spring Security plugin in a Grails application. I want login attempts to be handled in the following way: Success if the login was triggered by an attempt to access a protected page, send them to …

Read More