How can I get plaintext password from spring-security?

Question

I use Grails + spring-security + LDAP to authenticate users. The authentication works now but I need the plain text password to authenticate a second service.

I tried the SpringSecurityService properties but none contains the password.

Do I have to implement my own UserDetailsMapper or does the LdapUserDetailsMapper also provide the mapping of the plain text password retrieved from the web form?

Answer 1

You can get the credentials from the org.springframework.security.core.context.SecurityContextHolder. However, I really don't think it is a good idea to use this. You will not be able to use the 'remember-me' nor the 'run-as' or 'switch-user' functionality, because thne the credentials would not contain the current user's password (they will probably be null). Also, I don't think you would get the plaintext password if using anything other than basic HTML authentication or form authentication.

Anyhow, SecurityContextHolder.getContext().getAuthentication().getCredentials() will get you the plaintext password if using form authentication.