Tuesday, 31 May 2011

Custom Password Encoder for Grails Spring-Security Plugin

The spring-security (core and others) plugin is very handy for incorporating user (and role) based functionalities for a grails application. The plugin comes with a lot of features out-of-the-box. And more often than not, some of the basic features can be used as is. However, there are occasions when a little bit of customization might be required.

In this project, I was required to use a custom password encryption algorithm. The spring-security plugin uses the 'SHA-256' algorithm by default. This can be changed to use other standard algorithms (MD2, MD5 etc.) by adding the following lines (if, for example, MD5 encoding is required) in /grails-app/conf/Config.groovy:
grails.plugins.springsecurity.password.algorithm="MD5"
But what I wanted was to use a custom algorithm of our own, not the standard ones. Fortunately, this is again, very easy. Because of Spring's dependency injection, we can easily create our own password encoder and inject it. The steps to do the same are explained here.

No comments:

Post a Comment

 
Copyright David Bourget and University of London, 2011. This blog's content is license under the Attribution-ShareAlike license.