I have a Grails 1.2 app and I want to use declarative security in order to restrict access based on roles. I decided to try Shiro and installed the plugin, but when I try to authenticate, the message "Invalid username and/or password" shows up in the header. I checked the DB entry and the user is there with the SHA'ed password. No messages are shown in either the console or the stacktrace file. I added "warn 'org.jsecurity'" to Config.groovy with no results. Any hints/tricks to troubleshoot this?

A: 

Did you run the quick-start? Are you using the default database realm?

I would debug through the Realm you're using and see what's going on.

leebutts
I did run the quick-start and a "ShiroUser" is created in the DB via the Bootstrap. How can I debug through the realm? Thanks in advance.
xain
quick-start should have created a default realm then. How you debug depends on your IDE, but you can start up Grails with grails-debug run-app and the debugger will be listening on the default port. You just need to connect your IDE to it and set a breakpoint in grails-app/realms/ShiroDbRealm.groovy
leebutts
A: 

I can't help with the Shiro troubleshooting, but if you're looking for a more powerful solution you might want to check out Nimble. It's based on Shiro and offers a lot of additional features and flexibility.

You can install the latest with:
grails install-plugin nimble 0.4-SNAPSHOT

nimble documentation

Brandon
A: 

Did you make any progress with the Shiro integration? I have the same problem ... everything seems to be fine, user is in database, Sha1 is ok etc., but the login page always says "Invalid username and/or password"

I tracked the values of authToken in the Controller class and the values are ok (corresponding to username and password in the BootStrap).

Thanks! Niki

Niki
A: 

OK, debugging was easy via ShiroDbRealm.groovy ... I just forgot to update the import of ShiroUser.groovy ehem ehem ... normally the IDE checks that, but the IDE refactoring support for Groovy projects isn't as good as you might expect.

Cheers, Niki

Niki
+1  A: 

I ran into this problem as well... how are you saving the password for the user? After running quick start I followed the example on the Shiro plugin page and added the code below to my bootstrap init method:

import org.apache.shiro.crypto.hash.Sha512Hash

def user = new ShiroUser(username: "user123", passwordHash: new Sha512Hash("password").toHex())
user.save()

I would attempt to log in and would continue to get a login failed. So I tried

import org.apache.shiro.crypto.hash.Sha256Hash

def user = new ShiroUser(username:'admin', passwordHash:new Sha256Hash("admin").toHex())
user.save()

After changing from Sha512Hash to Sha256Hash... I was able to log in!

UPDATE: Just created a new app with default Shiro Plugin settings after running 'quick-start'. If you are to create a user, you are going to want to use Sha256Hash out of the box. However, you can use Sha512Hash or Sha1Hash by adding the bean to your resources.groovy file for Spring.

Example for Sha512Hash:

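import org.apache.shiro.authc.credential.Sha512CredentialsMatcher

// Override the credentialMatcher bean so stored SHA-512 hex hashes are compared
beans = {
  credentialMatcher(Sha512CredentialsMatcher) {
    storedCredentialsHexEncoded = true
  }
}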

croteau
Yep... created a new Grails app with a fresh install of the Shiro plugin. Created a user with passwordHash set to Sha512Hash and another with Sha256Hash. The default setting is Sha256Hash... login failed with the user set to Sha512Hash and successfully logged in with the user password set to Sha256Hash!
croteau
Where can I find this in the actual plugin?
croteau
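
The algorithm mismatch described in the last answer, reproduced as an added Groovy script that is not part of the original thread or of the plugin's code. It assumes unsalted, single-iteration, hex-encoded hashes and uses only the JDK's MessageDigest; the HashCheck class, its method names and the sample users are constructed for illustration.

```groovy
import java.security.MessageDigest

class HashCheck {
    // Hex length of each digest the thread mentions (Sha1Hash, Sha256Hash, Sha512Hash).
    static final Map HEX_LENGTHS = [40: 'SHA-1', 64: 'SHA-256', 128: 'SHA-512']

    // Assumption: unsalted, single-iteration hash, hex encoded, as in the BootStrap snippets.
    static String hexDigest(String algorithm, String password) {
        byte[] d = MessageDigest.getInstance(algorithm).digest(password.getBytes('UTF-8'))
        new BigInteger(1, d).toString(16).padLeft(d.length * 2, '0')
    }

    // A matcher fixed to one algorithm: hash the submitted password, compare with the stored hex.
    static boolean matches(String matcherAlgorithm, String submitted, String storedHex) {
        MessageDigest.isEqual(hexDigest(matcherAlgorithm, submitted).getBytes('UTF-8'),
                              storedHex.toLowerCase().getBytes('UTF-8'))
    }

    // Infer which algorithm produced a stored hash from its hex length alone.
    static String storedAlgorithm(String storedHex) {
        HEX_LENGTHS[storedHex.length()] ?: 'unknown'
    }
}

def matcherAlgorithm = 'SHA-256'   // the out-of-the-box setting, per the answer above

// Constructed sample rows standing in for the ShiroUser table.
def users = [
    [username: 'user123', password: 'password', passwordHash: HashCheck.hexDigest('SHA-512', 'password')],
    [username: 'admin',   password: 'admin',    passwordHash: HashCheck.hexDigest('SHA-256', 'admin')],
]

users.each { u ->
    def stored = HashCheck.storedAlgorithm(u.passwordHash)
    def ok = HashCheck.matches(matcherAlgorithm, u.password, u.passwordHash)
    println "${u.username}: stored=${stored} matcher=${matcherAlgorithm} login=${ok ? 'ok' : 'FAILED'}"
    if (!ok && stored != matcherAlgorithm) {
        println "  -> correct password rejected: algorithm mismatch; re-hash the user or change credentialMatcher"
    }
}
```

Comparing the length of the passwordHash column against the configured matcher separates this failure from a genuinely wrong password without attaching a debugger.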