2

I am using Spring Security Core Plug In in my grails application. I want to ask One Thing:

How can we access the logged In user Info (Username, id etc.) outside grails application. I want to access it in src/groovy directory. Is there any way for this?

Cœur
  • 37,241
  • 25
  • 195
  • 267
Bilal Ahmed Yaseen
  • 2,506
  • 2
  • 23
  • 48
  • See [my answer](http://stackoverflow.com/questions/26004897/springsecurityservice-log-other-user-out/26009441#26009441) for an example on getting ```SPRING_SECURITY_CONTEXT``` using an ```HttpSessionListener```. It might help get you started. I don't quite understand your second question. Can you use some type of root path such as ```http://www.example.com/downloads/```? – Ken Oct 01 '14 at 09:04
  • Thanks for your first answer. I look into that. Secondly paths are simple for example user may set E:/downloads etc. So files will be downloaded in this directory. And later on when I try to access files from this path I got forbidden. Actuallt, I want to set this path for option [permitAll] so that I may access files in this directory. P.S. I cannot specify this URL in Config static mapping as It may change at rum time – Bilal Ahmed Yaseen Oct 01 '14 at 09:34
  • And regarding your first answer. You are getting springSecurityContext using HTTPSession while in my case I don't have this. I have simple methos let's say abc() { //Here I want to get the name of the Logged IN User } and in that method I want to access that – Bilal Ahmed Yaseen Oct 01 '14 at 09:39
  • If your ```abc()``` method is called from a controller or service, you can pass ```springSecurityContext``` as an argument. Otherwise, I think you'll need access to ```HttpSession``` in your ```src/groovy``` class. I'm still confused about your second question. Do you mean an E:\downloads directory on a user's computer or on your server? Spring Security protects URLs and not file system paths. – Ken Oct 01 '14 at 11:26
  • Yes E:\downloads directory is on a user's computer. User actually is mentioning the path where he wants the downloads to take place. Now, the files are stored in user's specified path but issue comes when application tries to access files from this directory. Spring Security is restricting access to this path which I don't want to – Bilal Ahmed Yaseen Oct 01 '14 at 12:00
  • you have to split your question, otherwise it WILL get closed for being to broad – injecteer Oct 01 '14 at 14:12
  • if you want to access the user out of some classes under `/src` it doesn't mean "access from outside of the grails app" at all. It simply means that additional effort is required to do that. See my answer for details – injecteer Oct 01 '14 at 14:15

1 Answers1

2

if you want to access the UserDetails instance not from Grails artifact, you have 3 options:

1) you can pass springSecurityService as a method argument or get it from grailsApplication or applicationContext as a spring-bean. As soon as you have the service at hand, you can call springSecurityService.currentUser to get the user details

2) you can grab it out of httpSession by SPRING_SECURITY_CONTEXT as a session attribute.

3) you can grab it from ThreadLocal variable via SecurityContextHolder.context.authentication

injecteer
  • 20,038
  • 4
  • 45
  • 89