
Spring security core plugin - How to access User id from a hidden field

I'm trying to set a hiddenField in a "create" view, where the field is set to the id of the currently logged in user, which you get from the "springSecurityService.principal.id" property.

I was wondering if it was possible to do this exclusively from the template instead of passing the value from a controller. e.g.

<%@ page import="grails.plugins.springsecurity.SpringSecurityService" %>
<% def springSecurityService %>

<html>
...
...
<g:hiddenField name="user.id" value="${springSecurityService.principal.id}"/>
...

I tried this code, but ended up getting a NullPointer exception with reference to the "principal" property.

Is there any way to do this or do I have to explicitly pass the id of the currently logged in user from the "create" method?

NOTE: Yes I know that it's trivial for anyone to construct a POST request with a doctored hidden field. There are checks in the controller code to ensure that the currently logged in user can only create, edit, delete their own posts. My question is more to do with not having to type out the code to pass the currently logged in user to three different views.

srkiNZ84 asked Nov 30 '22 03:11


1 Answer

Try using the following syntax:

<g:hiddenField name="user.id" value="${sec.loggedInUserInfo(field:"id")}"/>
Ben W answered Dec 05 '22 13:12
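
An alternative that needs no hidden field in any of the views, shown here as an added example that is not part of the original thread: the controller takes the owner from the authenticated principal and never binds a submitted user.id. Post, User, the `user` association and the action bodies are assumed names for the asker's application; the import uses the plugin package seen in the question.

```groovy
// Added example, not code from the thread. Post, User and Post.user are
// assumed names for the application's own domain classes.
import grails.plugins.springsecurity.Secured

class PostController {

    // Injected by Grails into controllers and services.
    def springSecurityService

    @Secured(['IS_AUTHENTICATED_REMEMBERED'])
    def save = {
        def post = new Post()
        // Bind the form fields but not the owner; a doctored user.id is dropped.
        bindData(post, params, [exclude: ['user', 'user.id']])
        // The owner always comes from the server-side session.
        post.user = User.get(springSecurityService.principal.id)

        if (post.save(flush: true)) {
            redirect(action: 'show', id: post.id)
        } else {
            render(view: 'create', model: [postInstance: post])
        }
    }

    @Secured(['IS_AUTHENTICATED_REMEMBERED'])
    def update = {
        def post = Post.get(params.id)
        def owner = post?.user
        // Only the owner may edit; compare against the logged-in principal id.
        if (!owner || owner.id != springSecurityService.principal.id) {
            response.sendError(403)
            return
        }
        bindData(post, params, [exclude: ['user', 'user.id']])
        // Re-assert the original owner so binding can never reassign the post.
        post.user = owner

        if (post.save(flush: true)) {
            redirect(action: 'show', id: post.id)
        } else {
            render(view: 'edit', model: [postInstance: post])
        }
    }
}
```

With the owner set in the controller, the create and edit templates need neither the hidden field nor the user id in their model.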