问题
I am using the spring-security-core plugin in my grails app. I need to know the current user's role in a controller action. How can I retrieve that?
回答1:
You can inject springSecurityService into your controller:
def springSecurityService
and then in your action, call:
def roles = springSecurityService.getPrincipal().getAuthorities()
See the docs here.
回答2:
From a controller you can use two methods the plugin adds to the metaclass, getPrincipal and isLoggedIn:
def myAction = {
if (loggedIn) {
// will be a List of String
def roleNames = principal.authorities*.authority
}
}
If the action is secured you can skip the loggedIn/isLoggedIn() check.
回答3:
If you simply need to check to see if a user is in a specific role then use SpringSecurityUtils.ifAllGranted which takes a single String as an argument which contains a comma-delimited list of roles. It will return true if the current user belongs to all of them. SpringSecurityUtils also has methods like ifAnyGranted, ifNotGranted, etc, so it should work for whatever it is you are trying to accomplish.
回答4:
To get the user
def springSecurityService
def principal = springSecurityService.principal
String username = principal.username
回答5:
SecurityContextHolder knows that:
SecurityContextHolder.getContext().getAuthentication().getAuthorities()
回答6:
You can also use getAuthenticatedUser() by itself. This method is automatically injected in every controller, and thus only available from controllers. You will have to use one of the other methods if you want to access the current logged in user from anywhere else.
来源:https://stackoverflow.com/questions/6467167/how-to-get-current-user-role-with-spring-security-plugin