How can I get plaintext password from spring-security?

About

Asked 23/2, 2011 at 7:59 Answered 23/2, 2011 at 8:22

Solved grails spring-security spring-ldap

I use Grails + spring-security + LDAP to authenticate users. The authentication works now but I need the plain text password to authenticate a second service.

I tried the SpringSecurityService properties but none contains the password.

Do I have to implement my own UserDetailsMapper or does the LdapUserDetailsMapper also provide the mapping of the plain text password retrieved from the web form?

Okhotsk answered 23/2, 2011 at 7:59 Comment(0)

You can get the credentials from the org.springframework.security.core.context.SecurityContextHolder. However, I really don't think it is a good idea to use this. You will not be able to use the 'remember-me' nor the 'run-as' or 'switch-user' functionality, because thne the credentials would not contain the current user's password (they will probably be null). Also, I don't think you would get the plaintext password if using anything other than basic HTML authentication or form authentication.

Anyhow, SecurityContextHolder.getContext().getAuthentication().getCredentials() will get you the plaintext password if using form authentication.

Manganin answered 23/2, 2011 at 8:22 Comment(2)

There is an erase-credentials setting for spring security. Setting it to false may help retrieve the password. However, I have no idea where this setting goes. I'm looking for where to put the setting and found this post. – Fie 19/7, 2017 at 15:21

Found it. Try adding to Config.groovy: grails.plugin.springsecurity.providerManager.eraseCredentialsAfterAuthentication = false – Fie 19/7, 2017 at 15:25

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags