Can't run Grails 4 app with Digest Authentication

[mjlachman]

Thanks for reporting an issue for grails-spring-security-core. Please review the task list below before submitting the issue.

WARNING: Your issue report may be closed if the issue report is incomplete and does not include an example. Make sure the below tasks are completed!

NOTE: If you are unsure about something and the issue is more of a question, a better place to ask questions is on Stack Overflow (http://stackoverflow.com/tags/grails) or Slack (http://slack-signup.grails.org). DO NOT use the issue tracker to ask questions.

Task List

• [x] Steps to reproduce provided
• [x] Stacktrace (if present) provided
• [ ] Example that reproduces the problem uploaded to Github
• [x] Full description of the issue provided (see below)

Steps to Reproduce

1. Create a simple Grails app (using Grails 4.x) and add Spring Security Core plugin.
2. Configure Spring Security Core Plugin to use Digest Authentication according to the guide here. The guide appears to be somewhat out of date regarding Digest because it mentions the call to encodePassword from the user class, but I did not find it there. I set the following three values in application.groovy:

grails.plugin.springsecurity.useDigestAuth    
grails.plugin.springsecurity.digest.realmName
grails.plugin.springsecurity.digest.key      

3. Attempt to run the application (did this via IntelliJ Idea).

Expected Behaviour

The application should start.

Additionally, I think

Actual Behaviour

Received the following stacktrace:

groovy.lang.MissingPropertyException: No such property: DigestAuthPasswordEncoder for class: grails.plugin.springsecurity.SpringSecurityCoreGrailsPlugin
	at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.unwrap(ScriptBytecodeAdapter.java:65)
	at org.codehaus.groovy.runtime.callsite.PogoGetPropertySite.getProperty(PogoGetPropertySite.java:51)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGroovyObjectGetProperty(AbstractCallSite.java:309)
	at grails.plugin.springsecurity.SpringSecurityCoreGrailsPlugin$_closure4.doCall(SpringSecurityCoreGrailsPlugin.groovy:829)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:101)
	at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323)
	at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:263)
	at groovy.lang.MetaClassImpl.invokePropertyOrMissing(MetaClassImpl.java:1276)
	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1219)
	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1041)
	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:821)
	at grails.plugins.Plugin.invokeMethod(Plugin.groovy)
	at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeOnDelegationObjects(ClosureMetaClass.java:397)
	at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:337)
	at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:64)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:156)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:168)
	at grails.plugin.springsecurity.SpringSecurityCoreGrailsPlugin$_doWithSpring_closure12.doCall(SpringSecurityCoreGrailsPlugin.groovy:534)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:101)
	at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323)
	at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:263)
	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1041)
	at groovy.lang.Closure.call(Closure.java:405)
	at groovy.lang.Closure.call(Closure.java:399)
	at grails.spring.BeanBuilder.invokeBeanDefiningClosure(BeanBuilder.java:759)
	at grails.spring.BeanBuilder.beans(BeanBuilder.java:588)
	at grails.spring.BeanBuilder.invokeMethod(BeanBuilder.java:531)
	at org.grails.plugins.DefaultGrailsPlugin.doWithRuntimeConfiguration(DefaultGrailsPlugin.java:543)
	at org.grails.plugins.AbstractGrailsPluginManager.doRuntimeConfiguration(AbstractGrailsPluginManager.java:166)
	at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:171)
	at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:275)
	at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:125)
	at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:705)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:531)
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:744)
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:391)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:312)
	at grails.boot.GrailsApp.run(GrailsApp.groovy:96)
	at grails.boot.GrailsApp.run(GrailsApp.groovy:456)
	at grails.boot.GrailsApp.run(GrailsApp.groovy:443)
	at com.mycompany.myproject.Application.main(Application.groovy:11)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)

Environment Information

• Operating System: Windows 10
• GORM Version: 7.0.4.RELEASE
• Grails Version (if using Grails): 4.0.3
• JDK Version: 1.8 (Amazon Corretto)

Example Application

• TODO: link to Github repository with example that reproduces the issue

I do not have a link to an external repository. I think the steps to reproduce should suffice, but if absolutely necessary, I can generate a project and push it to github.

[mjlachman]

I was wondering if any of the maintainers have had a chance to see this yet? It's been 15 days since I filed this bug. As of now, it looks like I'll have to abandon this auth method and use spring-security-ui to create a login page (which I was hoping to avoid).

[erichelgeson]

It looks like DigestAuthPasswordEncoder was removed here https://github.com/grails-plugins/grails-spring-security-core/commit/9d16d9eafbba80d685ddd60e7214ab793485a96d but not all instances were removed https://github.com/grails-plugins/grails-spring-security-core/blob/259383f1a3a44efc63d8cdfe89ce1f922e5c65f8/plugin/src/main/groovy/grails/plugin/springsecurity/SpringSecurityCoreGrailsPlugin.groovy#L829

Not sure if digest will work given this TODO https://github.com/grails-plugins/grails-spring-security-core/blob/259383f1a3a44efc63d8cdfe89ce1f922e5c65f8/plugin/src/main/groovy/grails/plugin/springsecurity/SpringSecurityCoreGrailsPlugin.groovy#L719

[mjlachman]

Thanks. I'll switch to my backup plan then. Any chance the docs could be updated to remove references to Digest auth and/or mark them as unstable?