12

I recently moved from the JSecurity plugin to Spring Security. How do I get the authenticated user from within my controllers?

Mike Sickler
  • 33,662
  • 21
  • 64
  • 90

6 Answers6

15

It's not currently documented, but in the plugin installation file, there are 3 methods that it adds to every controller so that you don't actually have to inject the authenticationService:

private void addControllerMethods(MetaClass mc) {
    mc.getAuthUserDomain = {
        def principal = SCH.context?.authentication?.principal
        if (principal != null && principal != 'anonymousUser') {
            return principal?.domainClass
        }

        return null
    }

    mc.getPrincipalInfo = {
        return SCH.context?.authentication?.principal
    }

    mc.isUserLogon = {
        def principal = SCH.context?.authentication?.principal
        return principal != null && principal != 'anonymousUser'
    }
}

This means that you can just call

principalInfo

To get the principal object. It also has "isUserLogin" to see if the user is logged and "authUserDomain" to get the actual domain class instance (the Person/User) associated with the principal of the logged in user.

Ted Naleid
  • 26,511
  • 10
  • 70
  • 81
  • I spent an hour and a half banging my head against the keyboard trying to get Acegi plug to work with the File Upload pattern shown in http://www.packtpub.com/article/file-sharing-in-grails until I found this. Thanks! – Visionary Software Solutions Nov 16 '09 at 07:08
  • 4
    Now the method getPrincipalInfo is called getAuthenticateduser, but thanks for the good tip! – lucke84 Jan 14 '13 at 16:55
  • @lucke84 Looks like you're right: http://grails-plugins.github.io/grails-spring-security-core/guide/controllerMetaClassMethods.html - all the methods seem to have changed names in modern versions of this plugin – Ian Aug 06 '14 at 18:51
13

The following code is from the Spring Security Core Plugin (Version: 1.1.2) - Reference Documentation - Section 6.2

grails.plugins.springsecurity.SpringSecurityService provides security utility functions. It is a regular Grails service, so you use dependency injection to inject it into a controller, service, taglib, and so on:

class SomeController {
    def springSecurityService
    def someAction = { 
        def user = springSecurityService.currentUser 
        …
    } 
}
Chris
  • 3,552
  • 2
  • 26
  • 36
10

I'm using 0.5.1 and the following works for me:

class EventController {
  def authenticateService

  def list = { 
     def user = authenticateService.principal() 
     def username = user?.getUsername()
     .....
     .....
  } 
}
John Wagenleitner
  • 10,967
  • 1
  • 40
  • 39
  • Great- thanks! Just a typo in your above code. It should be def username = user?.getUsername() – Mike Sickler Apr 22 '09 at 00:56
  • 3
    Please note there have been some changes with the new version of Spring Security. [See here for example code for Spring Security version 1.1.2](http://stackoverflow.com/questions/775053/grails-and-spring-security-how-do-i-get-the-authenticated-user-from-within-a-con/6270545#6270545) – Chris Jun 07 '11 at 19:34
  • also note that if you use service, then initialization should ne not in method body but in class. – changtung Oct 29 '14 at 08:43
5

Nowadays, I think the way to do it is:

def user = getAuthenticatedUser()
chelder
  • 3,819
  • 6
  • 56
  • 90
2

You can get current User by this way also

 class AnyController {
  def springSecurityService
  def someAction = { 
    def user = User.get(springSecurityService.principal.id)

     } 
 }
Free-Minded
  • 5,322
  • 6
  • 50
  • 93
0

Use this code: 

if (springSecurityService.isLoggedIn()){   
        println "Logged In"

    }
Bo Persson
  • 90,663
  • 31
  • 146
  • 203
Varaj Vignesh
  • 341
  • 1
  • 7