tags:

views:

23

answers:

2
+1  Q: 

grails Acegi: How to check for expired password

Hi everyone.

This is a branch from this question. Branched out because the original purpose of that question was something else.

I'm looking for the easiest way to check if a password is expired. A password will expire if its older than N days, where N is a value stored in another table.

My User class looks like this:

Security config:
loginUserDomainClass = "com.emp.app.user.User"

/**
 * User domain class.
 */
class User {
   static transients = ['pass','passwordExpired','credentialsNonExpired']
   static hasMany = [authorities: Role]
   static belongsTo = Role
   /** Username */
   String username
   /** User Real Name*/
   String userRealName
   /** MD5 Password */
   String passwd
   /** enabled */
   boolean enabled

   String email
   boolean emailShow

   /** description */
   String description = ''

   /** plain password to create a MD5 password */
   String pass = '[secret]'

   static constraints = {
      username(blank: false, unique: true)
      userRealName(blank: false)
      passwd(blank: false)
      enabled()
   }

   public boolean isCredentialsNonExpired() {

          //Check for the N value
         return true;
   }
}

I added the isCredentialsNonExpired() hoping it would be called on login, when credentials are checked, but it isnt. Is there a way for it to do so?

I'm quite confused about this, not sure if I have to write custom code to replace some acegi functionality or what.

Thanks in advance.

+1  A: 

I think the correct way to do this would be to have your authentication provider decide if a password is expired.

hvgotcodes  2010-10-05 19:48:09
So I would have to write a custom one right ?
Tom  2010-10-05 20:01:43
@tom, i think so.
hvgotcodes  2010-10-05 20:47:39
+2  A: 

I'd do it in a custom UserDetailsService - see http://www.grails.org/AcegiSecurity+Plugin+-+Custom+UserDetailsService

While you're loading the user from the database and populating the UserDetails you have a chance to set credentials expired = true (and/or enabled, accountLocked, and accountExpired).

You'd probably do this by adding a "Date lastPasswordUpdate" field to the User domain class that gets updated every time the user changes the password. Compare that date to today's and if it's more than N days ago, set it to false.

Burt Beckwith  2010-10-05 20:54:32
Got it working, thanks. Now to find out how to redirect to a custom page.
Tom  2010-10-06 18:11:42

related questions

What are some good security questions?
What's a good alternative to security questions?
Protect embedded password
How do you generate passwords?
Should I impose a maximum length on passwords?
How best to generate a random string in Ruby
What is the best way to check the strength of a password?
In a client-server application: How to send to the DB the user's application password?
How does your company manage credentials?
Replacing plain text password for app
How to implement password protection for individual files?
Password generation, best practice
Unique key generation
Generating Random Passwords
Oracle lost sysdba password
How does one decrypt a PDF with an owner password, but no user password?
Storing Windows passwords.
How do I avoid having the database password stored in plaintext in sourcecode?
How do I write Firefox add-on that automatically enters proxy passwords?
How to store passwords in Winforms application?
Two-way password encryption without ssl
Disable browser 'Save Password' functionality
Simple password encryption
Best way to store a database password in a startup script / config file?
Encrypting Passwords