Upgrade spring-security-core library to 5.0.x

[ddelponte]

The plugin is currently using spring security version 4.2.7.RELEASE as defined in gradle.properties.

A 5.0.x version of spring-security-core is available.

https://mvnrepository.com/artifact/org.springframework.security/spring-security-core

[ddelponte]

The following compilation errors are receieved after upgrading to spring-security version 5.0.6.RELEASE:

/Users/deandelponte/code/grails-spring-security-core/plugin/src/main/groovy/grails/plugin/springsecurity/CryptoEncoderWrapper.groovy: 25: unable to resolve class org.springframework.security.authentication.encoding.PasswordEncoder 
 @ line 25, column 1.
   @SuppressWarnings('deprecation')
   ^

/Users/deandelponte/code/grails-spring-security-core/plugin/src/main/groovy/grails/plugin/springsecurity/SpringSecurityCoreGrailsPlugin.groovy: 84: unable to resolve class org.springframework.security.authentication.encoding.PlaintextPasswordEncoder
 @ line 84, column 1.
   import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder
   ^

/Users/deandelponte/code/grails-spring-security-core/plugin/src/main/groovy/grails/plugin/springsecurity/SpringSecurityCoreGrailsPlugin.groovy: 82: unable to resolve class org.springframework.security.authentication.dao.ReflectionSaltSource
 @ line 82, column 1.
   import org.springframework.security.authentication.dao.ReflectionSaltSource
   ^

/Users/deandelponte/code/grails-spring-security-core/plugin/src/main/groovy/grails/plugin/springsecurity/SpringSecurityCoreGrailsPlugin.groovy: 83: unable to resolve class org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder
 @ line 83, column 1.
   import org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder
   ^

/Users/deandelponte/code/grails-spring-security-core/plugin/src/main/groovy/grails/plugin/springsecurity/authentication/dao/NullSaltSource.groovy: 17: unable to resolve class org.springframework.security.authentication.dao.SaltSource
 @ line 17, column 1.
   import org.springframework.security.authentication.dao.SaltSource
   ^

/Users/deandelponte/code/grails-spring-security-core/plugin/src/main/groovy/grails/plugin/springsecurity/authentication/encoding/BCryptPasswordEncoder.groovy: 24: unable to resolve class org.springframework.security.authentication.encoding.PasswordEncoder 
 @ line 24, column 1.
   @CompileStatic
   ^

/Users/deandelponte/code/grails-spring-security-core/plugin/src/main/groovy/grails/plugin/springsecurity/authentication/encoding/DigestAuthPasswordEncoder.groovy: 37: unable to resolve class org.springframework.security.authentication.encoding.PasswordEncoder 
 @ line 37, column 1.
   @CompileStatic
   ^

/Users/deandelponte/code/grails-spring-security-core/plugin/src/main/groovy/grails/plugin/springsecurity/authentication/encoding/PBKDF2PasswordEncoder.groovy: 30: unable to resolve class org.springframework.security.authentication.encoding.PasswordEncoder 
 @ line 30, column 1.
   @CompileStatic
   ^

8 errors

An informative blog post regarding this issue is available at https://www.harinathk.com/spring/no-passwordencoder-mapped-id-null/

[ddelponte]

Update. It appears that the biggest changes effecting the grails-spring-security plugin are related to PasswordEncoder and SaltSource:

PasswordEncoder and SaltSource

If you were using the old and deprecated PasswordEncoder in core, this has been removed because it requied users to provide a salt and use a SaltSource (also removed). Each of the PasswordEncoder implementations in core have been migrated to the new crypto API with migration instructions in the Javadoc. An example is MessageDigestPasswordEncoder.

More info at https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released

[sjrd218]

@ddelponte Will this plugin be upgraded to work with SS 5.0.x for Grails 4.0?