How to get current_user by using Spring Security Grails plugin in GSP

Question

I am newbie in Grails. I am using Spring Security Grails plugin for Authentication purpose. I want to get current user in my view gsp file.

I am trying like this ...

<g:if test="${post.author == Person.get(springSecurityService.principal.id).id }">
      <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>
</g:if>

Here I want to show Edit this post link to only those posts who created by signed_in user. But It showing ERROR -

Error 500: Internal Server Error

 URI
    /groovypublish/post/list
 Class
   java.lang.NullPointerException
 Message
   Cannot get property 'principal' on null object

Here is my Post.groovy --

class Post {

static hasMany = [comments:Comment]

String title
String teaser
String content
Date lastUpdated
Boolean published = false
SortedSet comments
Person author

....... more code ....

Here is my Person.groovy Domain Class File --

class Person {

transient springSecurityService

String realName
String username
String password
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
byte[] avatar
String avatarType

static hasMany = [followed:Person, posts:Post]
static searchable = [only: 'realName']
    ........ more code ......

Please help.

score 15 · Answer 1 · edited Dec 24 '16 at 01:41

You can use the Spring Security Taglibs. For what you want to do, check if logged in user is owner of post, you can do the following:

<sec:isLoggedIn>
<g:if test="${post.author.id == sec.loggedInUserInfo(field: 'id')}">
      <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>
</g:if>
</sec:isLoggedIn>

If you find you need to do this check a lot, I would suggest putting it into a custom taglib

class AuthTagLib {

  def springSecurityService

  def isOwner = { attrs, body ->
    def loggedInUser = springSecurityService.currentUser
    def owner = attrs?.owner

    if(loggedInUser?.id == owner?.id) {
      out << body()
    }
  }
}

Then use it like so

<g:isOwner owner="${post?.author}">
  <g:link controller="post" action="edit" id="${post.id}">
    Edit this post
  </g:link>
</g:isOwner>

In my case the tag is `` working. I follow your code. now `Edit this Post` is not showing to any posts — Free-Minded, Jul 08 '13 at 12:38
Nice works. But any idea why sec.username == 'my user' does not work. — Vishnoo Rath, Mar 08 '17 at 08:49

Saurabh Dixit · Accepted Answer · 2013-07-08T12:54:14.123

7

Try tags provided by springSecurity plugin, something like:

<sec:isLoggedIn>

  <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>

</sec:isLoggedIn>

Actually you are trying to inject a service on your GSP page, you can do it with some import statement on the page, but I would say it will not be good programming practice, I think you should send current logged In user's instance from the controller to the GSP page, and then perform a check on it:

let say you have the controller method:

def showPostPage(){
Person currentLoggedInUser = springSecurityService.getCurrentUser();
[currentLoggedInUser:currentLoggedInUser]
}

and on your GSP page:

<g:if test="${post.author == currentLoggedInUser }">
      <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>
</g:if>

edited Jul 08 '13 at 12:54

answered Jul 08 '13 at 12:31

Saurabh Dixit

633
4
16

This only tell you are singed_in or not ? Actually I am using follow feature where user can see posts of followers also. Now He can not edit other posts. But right now it showing Edit this post button. I just want to show this button to those who created by current_user only. – Free-Minded Jul 08 '13 at 12:34
I have edited the answer as per your needs, please have a look – Saurabh Dixit Jul 08 '13 at 12:54
2

At Grails 2.4.4 the right tag is: `````` – MAGx2 Apr 19 '15 at 10:08

score 0 · Answer 3 · edited Sep 22 '21 at 06:32

It looks like the existing tags, which are part of Spring Security plugin, are not sufficient for you, correct? See documentation

My advice is to add a new method to the Person entity, which takes a Post as an argument and returns true/false, if it can be edited (or vise versa add new method to Post entity, which takes Person as an argument, this is up to your decision).

You can then create your own tag, which utilizes this method, makes your GPS nicer, even if it is not a mandatory step.

score 0 · Answer 4 · answered Oct 21 '15 at 18:12

Another way would be to create a Filter and put the User in the request scope as part of the filter, like this:

class SetCurrentUserFilters {
    def springSecurityService
    def filters = {
        all(controller: '*', action: '*') {
            before = {
                if (springSecurityService.isLoggedIn()){
                    request.setAttribute("current_user", springSecurityService.currentUser);
                }
            }
            after = { Map model ->

            }
            afterView = { Exception e ->

            }
        }
    }
}

Then your GSP just needs to look for the 'current_user' attribute, like this:

<g:if test="${current_user.property}"> ... </g:if>

How to get current_user by using Spring Security Grails plugin in GSP

4 Answers4

Linked