tags:

views:

520

answers:

2
Q: 

How To Save Spring Security Logged In User In Session

This code get's the currently logged in user, using the Spring Security Plugin (acegi):

def principalInfo = authenticateService.principal()
def person = null
if (principalInfo != "anonymousUser" && principalInfo.username) {
    person = Person.findByUsername(principalInfo.username)
}

I would then like to do:

session.user = person

This needs to be done after the user logs in. I can't figure out where to put my code to do this. It seem like it should be some place in the Login Controller, but I can't see where.

A: 

Why do you want to do this? The person is already attached to the principal which is in the session. Call authenticateService.userDomain() to access it.

Burt Beckwith  2010-05-30 07:48:12
That almost works, but if you access any related property if fails, e.g. If I doperson = authenticateService.userDomain() company = person.companyI get a LazyInitializationException. Might that be why people have used code like I have above?Is this where I need a custom userDetailsService? Or would setting eager fetching on solve the problem?
Brad Rhoads  2010-05-30 20:11:58
You could use eager fetching but it's wasteful if you only need it for this use case. To avoid LIEs you can either re-attach the instance (def person = authenticateService.userDomain(); person.attach()) or reload it by id (def person = Person.get(authenticateService.userDomain().id)). This is preferable to eager loading since you can do this only when you know it'll be needed - if you just need String, boolean, or numeric properties then there's no need to reattach or reload.
Burt Beckwith  2010-05-31 03:37:42
person.attach() gave me a NonUniqueObjectException but def person = Person.get(authenticateService.userDomain().id) works.Thanks!
Brad Rhoads  2010-05-31 07:14:09
A: 

Spring does not set a user object directly in the session. However they put a SPRING_SECURITY_CONTEXT object in the session. This contains the authenticated user.

The following whould work in your gsp:

${session.SPRING_SECURITY_CONTEXT?.authentication?.authenticated}

or just directly in your controller code. I use this with the Navigation plugin to show certain menu's: 

static navigation = [
        group:'tabs', 
        order:10, 
        isVisible: {  session.SPRING_SECURITY_CONTEXT?.authentication?.authenticated }
    ]

and, to answer your question, you could get the user object like this:

session.SPRING_SECURITY_CONTEXT?.authentication?.principal?
Jeroen Wijdemans  2010-05-31 19:24:49

related questions

How do I get at the goodies in my Grails Config.groovy at runtime?
Running a web app in Grails vs Django
Adding a method to a domain class
Getting Groovy's Grape Going!!!
Groovy question: "except" syntax?
What does it mean for a programming language to be "on rails"?
Groovy parsing JSON vs XML
Parsing XML with multi-line records
How do I redirect a file download using Grails?
Create grails war without version number
What needs checking in for a Grails app?
Grails - Acegi: Customize Authentication Method
J2EE and Grails: Communication with WebServices? Which framework?
Grails 1.0.3 console reports 'premature end of file'
Grails with YUI table example
grails plugin for eclipse and netbeans 6.1
error while using groovy.sql Out parameter.
Rails books?
Rails or Grails?
Is anyone developing facebook apps on Grails
How do I increase the number of default rows per page?
How to check if element in groovy array/hash/collection/list?
How do you access two databases in Grails
How do you change the default homepage in a Grails application?
Learning Ruby on Rails any good for Grails?