Grails and Spring Security: How do I get the authenticated user from within a controller?

Question

I recently moved from the JSecurity plugin to Spring Security. How do I get the authenticated user from within my controllers?

Answer 1

It's not currently documented, but in the plugin installation file, there are 3 methods that it adds to every controller so that you don't actually have to inject the authenticationService:

private void addControllerMethods(MetaClass mc) {
    mc.getAuthUserDomain = {
        def principal = SCH.context?.authentication?.principal
        if (principal != null && principal != 'anonymousUser') {
            return principal?.domainClass
        }

        return null
    }

    mc.getPrincipalInfo = {
        return SCH.context?.authentication?.principal
    }

    mc.isUserLogon = {
        def principal = SCH.context?.authentication?.principal
        return principal != null && principal != 'anonymousUser'
    }
}

This means that you can just call

principalInfo

To get the principal object. It also has "isUserLogin" to see if the user is logged and "authUserDomain" to get the actual domain class instance (the Person/User) associated with the principal of the logged in user.

Answer 2

The following code is from the Spring Security Core Plugin (Version: 1.1.2) - Reference Documentation - Section 6.2

grails.plugins.springsecurity.SpringSecurityService provides security utility functions. It is a regular Grails service, so you use dependency injection to inject it into a controller, service, taglib, and so on:

class SomeController {
    def springSecurityService
    def someAction = { 
        def user = springSecurityService.currentUser 
        …
    } 
}