问题
I am newbie in Grails. I am using Spring Security Grails plugin for Authentication purpose. I want to get current user in my view gsp file.
I am trying like this ...
<g:if test="${post.author == Person.get(springSecurityService.principal.id).id }">
<g:link controller="post" action="edit" id="${post.id}">
Edit this post
</g:link>
</g:if>
Here I want to show Edit this post link to only those posts who created by signed_in user. But It showing ERROR -
Error 500: Internal Server Error
URI
/groovypublish/post/list
Class
java.lang.NullPointerException
Message
Cannot get property 'principal' on null object
Here is my Post.groovy --
class Post {
static hasMany = [comments:Comment]
String title
String teaser
String content
Date lastUpdated
Boolean published = false
SortedSet comments
Person author
....... more code ....
Here is my Person.groovy Domain Class File --
class Person {
transient springSecurityService
String realName
String username
String password
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
byte[] avatar
String avatarType
static hasMany = [followed:Person, posts:Post]
static searchable = [only: 'realName']
........ more code ......
Please help.
回答1:
Try tags provided by springSecurity plugin, something like:
<sec:isLoggedIn>
<g:link controller="post" action="edit" id="${post.id}">
Edit this post
</g:link>
</sec:isLoggedIn>
Actually you are trying to inject a service on your GSP page, you can do it with some import statement on the page, but I would say it will not be good programming practice, I think you should send current logged In user's instance from the controller to the GSP page, and then perform a check on it:
let say you have the controller method:
def showPostPage(){
Person currentLoggedInUser = springSecurityService.getCurrentUser();
[currentLoggedInUser:currentLoggedInUser]
}
and on your GSP page:
<g:if test="${post.author == currentLoggedInUser }">
<g:link controller="post" action="edit" id="${post.id}">
Edit this post
</g:link>
</g:if>
回答2:
You can use the Spring Security Taglibs. For what you want to do, check if logged in user is owner of post, you can do the following:
<sec:isLoggedIn>
<g:if test="${post.author.id == sec.loggedInUserInfo(field: 'id')}">
<g:link controller="post" action="edit" id="${post.id}">
Edit this post
</g:link>
</g:if>
</sec:isLoggedIn>
If you find you need to do this check a lot, I would suggest putting it into a custom taglib
class AuthTagLib {
def springSecurityService
def isOwner = { attrs, body ->
def loggedInUser = springSecurityService.currentUser
def owner = attrs?.owner
if(loggedInUser?.id == owner?.id) {
out << body()
}
}
}
Then use it like so
<g:isOwner owner="${post?.author}">
<g:link controller="post" action="edit" id="${post.id}">
Edit this post
</g:link>
</g:isOwner>
回答3:
It looks like, the existing tags, which are part of Spring Security plugin are not sufficient for you, correct? See: http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/6%20Helper%20Classes.html#6.1%20SecurityTagLib
My advice is to add a new method to the Person entity, which takes a Post as an argument and returns true/false, if it can be edited (or vise versa add new method to Post entity, which takes Person as an argument, this is up to your decision).
You can then create your own tag, which utilizes this method, makes your GPS nicer, even if it is not a mandatory step.
回答4:
Another way would be to create a Filter and put the User in the request scope as part of the filter, like this:
class SetCurrentUserFilters {
def springSecurityService
def filters = {
all(controller: '*', action: '*') {
before = {
if (springSecurityService.isLoggedIn()){
request.setAttribute("current_user", springSecurityService.currentUser);
}
}
after = { Map model ->
}
afterView = { Exception e ->
}
}
}
}
Then your GSP just needs to look for the 'current_user' attribute, like this:
<g:if test="${current_user.property}"> ... </g:if>
来源:https://stackoverflow.com/questions/17526402/how-to-get-current-user-by-using-spring-security-grails-plugin-in-gsp