How to get current_user by using Spring Security Grails plugin in GSP

Question

I am newbie in Grails. I am using Spring Security Grails plugin for Authentication purpose. I want to get current user in my view gsp file.

I am trying like this ..

Answer 1

Try tags provided by springSecurity plugin, something like:

<sec:isLoggedIn>

  <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>

</sec:isLoggedIn>

Actually you are trying to inject a service on your GSP page, you can do it with some import statement on the page, but I would say it will not be good programming practice, I think you should send current logged In user's instance from the controller to the GSP page, and then perform a check on it:

let say you have the controller method:

def showPostPage(){
Person currentLoggedInUser = springSecurityService.getCurrentUser();
[currentLoggedInUser:currentLoggedInUser]
}

and on your GSP page:

<g:if test="${post.author == currentLoggedInUser }">
      <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>
</g:if>

Answer 2

It looks like, the existing tags, which are part of Spring Security plugin are not sufficient for you, correct? See: http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/6%20Helper%20Classes.html#6.1%20SecurityTagLib

My advice is to add a new method to the Person entity, which takes a Post as an argument and returns true/false, if it can be edited (or vise versa add new method to Post entity, which takes Person as an argument, this is up to your decision).

You can then create your own tag, which utilizes this method, makes your GPS nicer, even if it is not a mandatory step.

Answer 3

Another way would be to create a Filter and put the User in the request scope as part of the filter, like this:

class SetCurrentUserFilters {
    def springSecurityService
    def filters = {
        all(controller: '*', action: '*') {
            before = {
                if (springSecurityService.isLoggedIn()){
                    request.setAttribute("current_user", springSecurityService.currentUser);
                }
            }
            after = { Map model ->

            }
            afterView = { Exception e ->

            }
        }
    }
}

Then your GSP just needs to look for the 'current_user' attribute, like this:

<g:if test="${current_user.property}"> ... </g:if>

Answer 4

You can use the Spring Security Taglibs. For what you want to do, check if logged in user is owner of post, you can do the following:

<sec:isLoggedIn>
<g:if test="${post.author.id == sec.loggedInUserInfo(field: 'id')}">
      <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>
</g:if>
</sec:isLoggedIn>

If you find you need to do this check a lot, I would suggest putting it into a custom taglib

class AuthTagLib {

  def springSecurityService

  def isOwner = { attrs, body ->
    def loggedInUser = springSecurityService.currentUser
    def owner = attrs?.owner

    if(loggedInUser?.id == owner?.id) {
      out << body()
    }
  }
}

Then use it like so

<g:isOwner owner="${post?.author}">
  <g:link controller="post" action="edit" id="${post.id}">
    Edit this post
  </g:link>
</g:isOwner>