Does spring-security-cas work with mapped User table names?

Printable View

Aug 28th, 2012, 01:18 PM
RBFinch

Does spring-security-cas work with mapped User table names?

I'm using Grails 2.1.0, spring-security-core 1.2.7.3, and spring-security-cas 1.0.5 on Oracle 11g.

When I create Spring Security domain classes with:

Code:

grails s2-quickstart my.package User Role

and map table names for User and Role to avoid errors with Oracle reserved table names, I cannot log in to the application. When I try to access a secured URL, j_spring_security_check redirects to http://myhost:8080/MyApp/login/authfail?login_error=1 with the message:

Sorry, we were not able to find a user with that username and password.

I've checked that my tables contain correct records that match the username returned by CAS.

If I create another app and use:

Code:

grails s2-quickstart my.package TestUser TestRole

without mapping table names in TestUser and TestRole, it works fine.

Is this expected behavior or should I be able to map User and Role to different table names?
Aug 28th, 2012, 01:37 PM
burtbeckwith

If a table or column name is a reserved name, either change the class or field name so the generated database name is ok, or use the mapping block to specify a different database name:

Code:

static mapping = { table "users" }

or to quote the name so it's properly escaped. Hibernate will use the backtick character as an indicator to quote the name using the correct approach for the database you're using:

Code:

static mapping = { table "`user`" }
Aug 28th, 2012, 01:54 PM
RBFinch

Quote:

Originally Posted by burtbeckwith

If a table or column name is a reserved name, either change the class or field name so the generated database name is ok, or use the mapping block to specify a different database name:

That's what I did; in User.groovy I have:

Code:

static mapping = { table 'image_users' password column: '`password`' }

and in Role.groovy I have:

Code:

static mapping = { table 'image_roles' cache true }

When I do that, I get the error I mentioned in the OP when I try to access a secured URL. If I do it instead by renaming the domain class, it works.

I can work around the problem by changing the domain class, but I'm wondering why changing the table name in mapping does not work.
Aug 28th, 2012, 01:58 PM
burtbeckwith

Are you double-encoding the password? The newer User domain class encodes the password, so if you're also encoding it with springSecurityService.encodePassword() you'll see this. But that should be independent of the domain class name.

If that's not it, crank up the logging by adding

Code:

debug 'org.springframework.security'

in the log4j block in Config.groovy and there should be useful info there.