AuthorizeTagLib
ifAllGranted
Will display inner body content only if all of the listed roles are granted:
<g:ifAllGranted role="ROLE_ADMIN,ROLE_SUPERVISOR">secure stuff here</g:ifAllGranted>
In a controller use the authenticateService:
…
def authenticateService // insert at the beginning of the class
…
def isAdmin = authenticateService.ifAllGranted('ROLE_ADMIN') // boolean, use in the method
ifAnyGranted
Will display inner body content if any of the listed roles are granted:
<g:ifAnyGranted role="ROLE_ADMIN,ROLE_SUPERVISOR">secure stuff here</g:ifAnyGranted>
ifNotGranted
Will display inner body content if none of the listed roles are granted:
<g:ifNotGranted role="ROLE_USER">non-user stuff here</g:ifNotGranted>
loggedInUserInfo
Displays the value of the specified field of the domain user class if the user is logged in. For example, this shows the user's username property:
<g:loggedInUserInfo field="username"/> // as a gtag
${loggedInUserInfo(field:'username')} // as a GString-expression
isLoggedIn
Will display inner body content if the user is authenticated:
<g:isLoggedIn>content for logged in user</g:isLoggedIn>
isNotLoggedIn
Will display inner body content if the user is not authenticated:
<g:isNotLoggedIn>content for anonymous (not logged in) user</g:isNotLoggedIn>
AuthBase
AuthBase.groovy is a sample Controller base class that can optionally be used to share common security-related functionality between secured controllers. Some features include:
- dependency injection for AuthenticateService
- allows per-controller specification of the roles required to access the controller (see the 'requestAllowed' field)
- provides Locale resolution
- turns off caching
AuthenticateService
A Service class that provides some security utility functions. Has some (deprecated) overlap with AuthorizeTagLib, but also provides these methods:
- principal() to retrieve the currently logged in user's Principal
- userDomain() to retrieve the currently logged in user's Domain class
- getSecurityConfig() to retrieve the security configuration (DefaultSecurityConfig attributes merged with SecurityConfig attributes)
- encodePassword(String passwd) to encode the given password
- isLoggedIn() returns true if the current user is logged in, false otherwise
Sample usage:
class SimpleController {
    def authenticateService

    def simpleAction = {
        def principal = authenticateService.principal()
        println principal.getUsername() // get username
        println principal.getAuthorities() // get authorities
    }
}
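The tags above only decide what a GSP renders; the action behind a hidden link is still reachable by URL, so the same role check belongs in the controller. The following is an added example, not code from the plugin: StubAuthenticateService, ReportController and the purge action are hypothetical, and the stub stands in for the injected AuthenticateService so the script runs as plain Groovy outside Grails.

```groovy
// Added example, not plugin code. The stub replaces the service that Grails
// would inject; it implements only the two calls used below.
class StubAuthenticateService {
    Set<String> granted = [] as Set   // constructed sample authorities
    boolean authenticated = false

    boolean isLoggedIn() { authenticated }

    // Follows the rule documented for ifAllGranted: true only if every
    // listed role is granted.
    boolean ifAllGranted(String roles) {
        roles.split(',').collect { it.trim() }.every { it in granted }
    }
}

class ReportController {
    def authenticateService   // injected by Grails in a real application

    // Hypothetical action. Wrapping its link in <g:ifAllGranted> hides the
    // link but not the URL, so the check is repeated server-side.
    def purge = {
        if (!authenticateService.isLoggedIn()) {
            return [status: 401]            // anonymous caller
        }
        if (!authenticateService.ifAllGranted('ROLE_ADMIN')) {
            return [status: 403]            // logged in, role missing
        }
        return [status: 200, message: 'purged']
    }
}

// Run the action for a caller with the given login state and roles.
def call = { boolean loggedIn, List<String> roles ->
    def svc = new StubAuthenticateService(authenticated: loggedIn,
                                          granted: (roles as Set))
    new ReportController(authenticateService: svc).purge()
}

assert call(false, []).status == 401
assert call(true, ['ROLE_USER']).status == 403
assert call(true, ['ROLE_USER', 'ROLE_ADMIN']).status == 200
```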