I am implementing a User controller around the springsource-security-core plugin.
When I “show” a user instance in my controller (“User”) I want to ensure that the password parameter is nulled and is displayed as a blank edit control.
This is the code for the “show” method:

    @Secured(['ROLE_SUPERUSER','ROLE_USER'])
    def show(Long id) {
        /**
         * If we're not the Superuser, then we only want to see the instance of the logged in user.
         */
        def userInstance
        if (SpringSecurityUtils.ifNotGranted('ROLE_SUPERUSER')) {
            userInstance = springSecurityService.currentUser
        } else {
            userInstance = User.get(id)
        }
        if (!userInstance) {
            flash.message = message(code: 'default.not.found.message', args: [message(code: 'user.label', default: 'User'), id])
            redirect(action: "list")
            return
        }
        userInstance.setPassword(null)
        [userInstance: userInstance]
    }

Setting a “watch” on ‘userInstance’ indicates that the userInstance.setPassword(null) has the desired effect and sets the “password” parameter to ‘null’.
However, when the view is rendered with the same parameter set, the password is populated.
I’m looking to implement a “password-confirmation” field as well. I’m a bit new to Groovy/Grails so I’m feeling my way around this step by step. It appears that by passing in “userInstance” I pass an instance of the “User” domain class.
Do I need two encoded fields in the domain class or can I add a field to the GSP on the fly and then validate this in the controller before saving the domain class with an encoded password?
The best way to do this is to use command objects; please see the official documentation.
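
An added example (not part of the original answer or of the plugin's code) of the command-object approach the answer points to: the password and its confirmation are bound to a throwaway command object, validated there, and only the password is copied to the domain instance. `PasswordCommand`, `updatePassword`, the `edit` view, the `mismatch` error code and `minSize: 8` are hypothetical; the imports assume spring-security-core 2.x package names, and the `User` domain class is assumed to encode `password` in `beforeInsert`/`beforeUpdate`.

```groovy
// Added example. PasswordCommand, updatePassword, the 'edit' view and minSize: 8
// are hypothetical. Assumes spring-security-core 2.x package names and a User
// domain class (same package) that encodes `password` in beforeInsert/beforeUpdate.
import grails.plugin.springsecurity.SpringSecurityUtils
import grails.plugin.springsecurity.annotation.Secured

class UserController {
    def springSecurityService

    @Secured(['ROLE_SUPERUSER', 'ROLE_USER'])
    def updatePassword(Long id, PasswordCommand cmd) {
        // Same rule as show(): a non-superuser can only act on their own account.
        def userInstance = SpringSecurityUtils.ifNotGranted('ROLE_SUPERUSER') ?
                springSecurityService.currentUser : User.get(id)
        if (!userInstance) {
            flash.message = message(code: 'default.not.found.message',
                    args: [message(code: 'user.label', default: 'User'), id])
            redirect(action: 'list')
            return
        }
        if (cmd.hasErrors()) {
            // Keep the errors, but do not send the submitted passwords back to the view.
            cmd.password = cmd.passwordConfirm = null
            render(view: 'edit', model: [userInstance: userInstance, cmd: cmd])
            return
        }
        userInstance.password = cmd.password   // the only field copied to the domain
        if (!userInstance.save(flush: true)) {
            render(view: 'edit', model: [userInstance: userInstance])
            return
        }
        redirect(action: 'show', id: userInstance.id)
    }
}

// Declared in the controller's source file, so Grails makes it validateable
// and binds and validates it from request parameters before the action runs.
class PasswordCommand {
    String password          // plain text, lives only for this request
    String passwordConfirm   // never persisted, so no second domain field

    static constraints = {
        password blank: false, minSize: 8
        // A String return value is used as the error code for this property.
        passwordConfirm validator: { val, obj ->
            val == obj.password ? true : 'mismatch'
        }
    }
}
```

The form only needs two inputs named `password` and `passwordConfirm`, rendered with empty values; the domain class keeps its single encoded `password` field.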