我在我的grails项目中使用spring安全核心插件,Person域看起来像这样。
class User {
transient springSecurityService
//Mandatory Fields
String employeeId
String firstName
String lastName
String password
String emailId
//Other Fields
String department
String extn
String mobileNumber
String address
String city
String zipCode
String country
User manager
static hasMany = [previousPasswords: String]
boolean enabled = true
boolean accountExpired
boolean accountLocked
boolean passwordExpired
static transients = ['springSecurityService']
static constraints = {
employeeId blank: false, unique: true
firstName blank: false
lastName blank: false
password blank: false, password: true, validator: {val, obj ->
if(obj.previousPasswords) {
println "-----------------------1-------------------------"
println "obj.previousPasswords: " + obj.previousPasswords
println "val: " + val
if (obj.isDirty('password')) {
println "-----------------------2-------------------------"
if(obj.previousPasswords.contains(val)) {
obj.errors.rejectValue(
'password',
'user.password.duplicated',
'Repeat passwords are not allowed')
return false
}
println "-----------------------3-------------------------"
obj.addToPreviousPasswords(val)
return true
}
} else {
println "-----------------------4-------------------------"
obj.addToPreviousPasswords(val)
return true
}
}
emailId blank: false, email: true
department nullable: true
extn nullable: true
mobileNumber nullable: true
address nullable: true
city nullable: true
zipCode nullable: true
country nullable: true
manager nullable: true
}
static mapping = {
password column: '`password`'
}
Set<Role> getAuthorities() {
UserRole.findAllByUser(this).collect { it.role } as Set
}
def beforeInsert() {
println "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%"
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
println "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
}
我必须确保密码不重复,为此我为'password'字段编写了一个自定义验证器
我的集成测试是这样的
void "Test if previous passwords can be re-used"() {
given:
def user = new User(employeeId: "empId1", firstName: "f_name", lastName: "l_name", password: "password", emailId: "test@hptest.com", mobileNumber: "(111) 111-1111", address: "350 Fifth Avenue, 34th floor", city: "New York", zipCode: "10007")
println "&&&&&&&&&&&&&&&&&&& 1 &&&&&&&&&&&&&&&&&&&&&&"
user.springSecurityService = springSecurityService
println "&&&&&&&&&&&&&&&&&&& 2 &&&&&&&&&&&&&&&&&&&&&&"
user.save(flush: true, failOnError: true)
when: 'password is repeated'
user.password = "password"
println "&&&&&&&&&&&&&&&&&&& 3 &&&&&&&&&&&&&&&&&&&&&&"
user.save(flush: true)
then: 'validation fails'
!user.validate()
user.errors.getFieldError("password").codes.contains("validator.invalid")
when: 'password is not repeated'
user.password = "password@123"
then: 'validation succeeds'
println "&&&&&&&&&&&&&&&&&&& 4 &&&&&&&&&&&&&&&&&&&&&&"
user.validate()
println "&&&&&&&&&&&&&&&&&&& 5 &&&&&&&&&&&&&&&&&&&&&&"
user.save(flush: true)
}
我得到的输出是这样的
&&&&&&&&&&&&&&&&&&& 1 &&&&&&&&&&&&&&&&&&&&&&
&&&&&&&&&&&&&&&&&&& 2 &&&&&&&&&&&&&&&&&&&&&&
-----------------------4-------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-----------------------1-------------------------
obj.previousPasswords: [password]
val: $2a$10$mxFM9S7mEoOdyRo6xJL9/uzVafUgc0.8r1rd4nzBYM45s2cE8TTDi
&&&&&&&&&&&&&&&&&&& 3 &&&&&&&&&&&&&&&&&&&&&&
-----------------------1-------------------------
obj.previousPasswords: [password]
val: password
-----------------------2-------------------------
-----------------------1-------------------------
obj.previousPasswords: [password]
val: password
如果您仔细研究代码和输出,您会发现对于每个保存操作,验证器函数被调用两次。
有谁能告诉我这是什么原因吗?这可能是由于我在验证器中使用的addTo方法吗?我该怎么说呢?删除自定义验证。
当用户修改密码时,检查previousPasswords中是否已经存在该密码。如果存在,则给出已使用的消息。如果没有,用新密码保存用户,并将其添加到previousPasswords中。
def changePassword(){
def userIns = User.get(params.userId)
def previousPasswords = userIns.previousPasswords()
def exists = previousPasswords.find{it == params.newPassword}
if(exists){
msg = "Already Used. Give new"
render changepassword screen
return false
}
else{
userIns.password = params.newPw
userIns.addToPreviousPasswords(params.newPw)
userIns.save(flush:true)
msg = "successfully changed"
}
}