我用以下插件创建了一个Grails 4.0.2应用程序:
compile 'org.grails.plugins:spring-security-core:4.0.0'
compile 'org.grails.plugins:spring-security-oauth2-provider:4.0.0-RC1'
我遵循了文档:https://bluesliverx.github.io/grails-spring-security-oauth2-provider/v3/manual/index.html
在我尝试使用身份验证后:
curl -X POST
-d "client_id=my-client"
-d "grant_type=password"
-d "username=my-user"
-d "password=my-password"
-d "scope=read" http://localhost:8080/oauth/token
但我收到这个错误:
URI
/oauth/token
Class
java.lang.IllegalArgumentException
Message
There is no PasswordEncoder mapped for the id "null"
Trace
Line | Method
->> 244 | matches in org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 198 | matches in org.springframework.security.crypto.password.DelegatingPasswordEncoder
| 90 | additionalAuthenticationChecks in org.springframework.security.authentication.dao.DaoAuthenticationProvider
| 166 | authenticate in org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
| 175 | authenticate . . . . . . . . . in org.springframework.security.authentication.ProviderManager
| 123 | attemptAuthentication in org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter
| 212 | doFilter . . . . . . . . . . . in org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
| 334 | doFilter in org.springframework.security.web.FilterChainProxy$VirtualFilterChain
| 105 | doFilter . . . . . . . . . . . in org.springframework.security.web.context.SecurityContextPersistenceFilter
| 334 | doFilter in org.springframework.security.web.FilterChainProxy$VirtualFilterChain
| 58 | doFilter . . . . . . . . . . . in grails.plugin.springsecurity.web.SecurityRequestHolderFilter
| 334 | doFilter in org.springframework.security.web.FilterChainProxy$VirtualFilterChain
| 215 | doFilterInternal . . . . . . . in org.springframework.security.web.FilterChainProxy
| 178 | doFilter in ''
| 193 | internalDoFilter .
我找到了这个解决方案:
https://mkyong.com/spring-boot/spring-security-there-is-no-passwordencoder-mapped-for-the-id-null/
但我不知道如何将该解决方案应用于grails项目。
有人能帮我吗?
谢谢,克里斯蒂安
我也遇到了这个问题,但我相信我找到了答案。
将其添加到oauth-plugin-init脚本生成的Client类中:
static mapping = {
autowire true
}
或者将其添加到runtime.groovy中,以默认情况下启用对所有域类的服务注入grails app/conf/runtime.groovy
grails.gorm.default.mapping = {
autowire true
}
至于发生这种情况的原因。Client Domain类在插入之前尝试调用以下代码:
protected void encodeClientSecret() {
clientSecret = clientSecret ?: NO_CLIENT_SECRET
clientSecret = springSecurityService?.passwordEncoder ? springSecurityService.encodePassword(clientSecret) : clientSecret
}
但是由于spring安全服务为null,它无法正确编码密码。Grails文档提到,从Grails 3.3.0开始,默认情况下不再在Domain类中注入服务,而是需要注入映射。
我通过在resources.groovy 中设置临时解决了我的问题
beans = {
userSecPasswordEncoderListener(UserSecPasswordEncoderListener)
passwordEncoder(NoOpPasswordEncoder) {
}