How To Save Spring Security Logged In User In Session

This code get's the currently logged in user, using the Spring Security Plugin (acegi):

def principalInfo = authenticateService.principal()
def person = null
if (principalInfo != "anonymousU开发者_如何学编程ser" && principalInfo.username) {
    person = Person.findByUsername(principalInfo.username)
}

I would then like to do:

session.user = person

This needs to be done after the user logs in. I can't figure out where to put my code to do this. It seem like it should be some place in the Login Controller, but I can't see where.

Why do you want to do this? The person is already attached to the principal which is in the session. Call authenticateService.userDomain() to access it.

Spring does not set a user object directly in the session. However they put a SPRING_SECURITY_CONTEXT object in the session. This contains the authenticated user.

The following whould work in your gsp:

${session.SPRING_SECURITY_CONTEXT?.authentication?.authenticated}

or just directly in your controller code. I use this with the Navigation plugin to show certain menu's:

static navigation = [
        group:'tabs', 
        order:10, 
        isVisible: {  session.SPRING_SECURITY_CONTEXT?.authentication?.authenticated }
    ]

and, to answer your question, you could get the user object like this:

session.SPRING_SECURITY_CONTEXT?.authentication?.principal?