how to use session in grails

Sumon Bappi picture Sumon Bappi · Jun 30, 2013 · Viewed 18.7k times · Source

I am new to grails. And I have to work with session. I have seen the session documentation. But no idea where to put the code in my controller. I have a page for student creation names createStudent. Now I want that this page only be access able when the user will be in session. Now how can I do it. Should I have to set the user in a variable at the time of login. Can anyone please help me on this ?

def index() {
    def user = session["user"]
    if (user){
        redirect(controller: 'admistratorAction', action: 'createUser')
    }else{
        redirect(controller: 'login', action: 'index')
    }

}

Answer

osborp picture osborp · Jun 30, 2013

You could use the session.getAttribute(key) and session.setAttribute(key, value) methods inside your controller. Alternatively, there are plugins such as the Spring Security Core Plugin that already handle this very well.

There's a good tutorial by Peter Ledbrook for the Spring Security plugin here and the plugin documentation links to at least one other tutorial.

** Edit **

As you suggested, in order to use the session directly the user would need to be set in the session at an earlier point. For example:

def setCurrentStudent() {
    def aStudent = [name: "Student1"]
    session["user"] = aStudent
    render "Added $aStudent to the session."
}

Spring Security will do this automatically at login. Then, the current user can then be accessed at any time using the springSecurityService.

class SomeController {
   def springSecurityService
   def someAction = {
       def user = springSecurityService.currentUser
       …
   }
}