12

After migrating from Grails 1.3.7 to 2.0.4 I have noticed a problem with one of my domain classes where I use transient properties in order to handle passwords.

My domain class looks like this (simplified):

    package test

    class User {
        String email
        String password1
        String password2
        //ShiroUser shiroUser

        static constraints = {
            email(email:true, nullable:false, unique:true)
            password1(nullable:true,size:5..30, blank: false, validator: {password, obj ->

                if(password==null && !obj.properties['id']){
                    return ['no.password']
                }
                else return true
            })
            password2(nullable:true, blank: false, validator: {password, obj ->
                def password1 = obj.properties['password1']

                if(password == null && !obj.properties['id']){
                    return ['no.password']
                }
                else{
                    password == password1 ? true : ['invalid.matching.passwords']
                }
            })

        }
        static transients = ['password1','password2']
    }

In 1.3.7 this used to work in my Bootstrap:

    def user1= new User (email: "test@test.com", password1: "123456", password2: "123456")
    user1.save()

However, in Grails 2.0.x this will result in an error stating that password1 and password2 are both null. The same thing happens in my controllers if I try to do:

    def user2= new User (params)// params include email,password1 and password2 

In order to make it work I have to do the following workaround:

    def user2= new User (params)// params include email,password1 and password2 
    user2.password1=params.password1
    user2.password2=params.password2
    user2.save()

This is quite ugly - and annoying.

Can anyone say if my usage of transients has become invalid in Grails 2.x, or if this could be a framework bug of some kind?

John Doppelmann

2 Answers

15

For security reasons transients are no longer auto-bound. But you can easily make it work by adding in a 'bindable' constraint (see http://grails.org/doc/latest/ref/Constraints/bindable.html). Change

    password2(nullable:true, blank: false, validator: {password, obj ->

to

    password2(bindable: true, nullable:true, blank: false, validator: {password, obj ->

Burt Beckwith
  • Thanks Burt - Makes good sense with this security-related change. Was just not aware of the (new?) 'bindable' constraint. – John Doppelmann Jul 02 '12 at 19:52
  • 1
    Hey Burt, is this changed in 2.1.0? I have an exact same scenario and for us "cnfPassword" still comes as null! Don't want to open a new thread for the same question :) – Sap Feb 22 '13 at 13:15
  • 2
    Hi Burt, it is not working properly in Grails 2.4.3. Is there any alternative solution that you can advise? – daimon Oct 18 '14 at 15:57
  • This does not seem to work in Grails 2.3.9. If the property is transient, bindable: true will not make it bound. – sola Mar 16 '15 at 20:19
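
Why a binder would refuse to populate transients unless a property opts in, as an added illustration that is not code from the thread or from Grails: a plain Groovy model that runs without Grails. `passwordVerified`, the `persistent` and `bindableTransients` lists and `bindAllowlisted` are hypothetical names standing in for a server-only transient, the `bindable: true` opt-in and the framework's binder.

```groovy
class Account {
    String email
    String password1             // transient form fields, as in the question
    String password2
    boolean passwordVerified     // constructed: transient flag only server code should set

    static persistent = ['email']
    static transients = ['password1', 'password2', 'passwordVerified']
    // Stand-in for `bindable: true`: transients that request data may populate.
    static bindableTransients = ['password1', 'password2']
}

// Hypothetical binder: persistent properties bind by default, transients only
// when opted in. Returns the names of the parameters it refused to bind.
def bindAllowlisted(Account target, Map params) {
    def allowed = Account.persistent +
            Account.transients.intersect(Account.bindableTransients)
    def refused = []
    params.each { name, value ->
        if (name in allowed) {
            target.setProperty(name as String, value)
        } else {
            refused << name
        }
    }
    refused
}

// Constructed request parameters: the form fields plus one the form never offered.
def params = [email: 'test@test.com', password1: '123456', password2: '123456',
              passwordVerified: true]

// Bind-everything behaviour (Groovy's map constructor): the client sets the flag.
def open = new Account(params)
assert open.passwordVerified

// Default-deny for transients: only the opted-in ones are populated.
def strict = new Account()
def refused = bindAllowlisted(strict, params)
assert strict.email == 'test@test.com'
assert strict.password1 == '123456' && strict.password2 == '123456'
assert !strict.passwordVerified
assert refused == ['passwordVerified']
println "refused: ${refused}"
```

Logging the refused names on the server side gives a cheap signal that a client is submitting fields the form never exposed.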
3

I think that, as part of the data binding improvements in Grails 2.x, it won't bind transient properties.

Sudhir N