GPSPRINGSECURITYCORE-267

grails-app/services/grails/plugin/springsecurity/SpringSecurityService.groovy

@@ -88,6 +88,24 @@ class SpringSecurityService {
 		}
 	}
 
+	/**
+	 * Get a proxy for the domain class instance associated with the current authentication. Use this when you
+	 * want the user only for its id, e.g. as a proxy for the foreign key in queries like "CreditCard.findAllByUser(user)"
+	 *
+	 * @return the proxy
+	 */
+	Object loadCurrentUser() {
+		if (!isLoggedIn()) {
+			return null
+		}
+
+		// load() requires an id, so this only works if there's an id property in the principal
+		Assert.isInstanceOf GrailsUser, principal
+
+		String className = SpringSecurityUtils.securityConfig.userLookup.userDomainClassName
+		grailsApplication.getClassForName(className).load(principal.id)
+	}
+
 	/**
 	 * Encode the password using the configured PasswordEncoder.
 	 */

src/docs/guide/helperClasses/springSecurityService.gdoc

@@ -5,7 +5,9 @@ def springSecurityService
 {code}
 
 h4. getCurrentUser()
-Retrieves a domain class instance for the currently authenticated user. During authentication a user/person domain class instance is loaded to get the user's password, roles, etc. and the id of the instance is saved. This method uses the id and the domain class to re-load the instance.
+Retrieves a domain class instance for the currently authenticated user. During authentication a user/person domain class instance is retrieved to get the user's password, roles, etc. and the id of the instance is saved. This method uses the id and the domain class to re-load the instance, or the username if the @UserDetails@ instance is not a @GrailsUser@.
+
+If you do not need domain class data other than the id, you should use the @loadCurrentUser@ method instead.
 
 Example:
 
@@ -21,6 +23,29 @@ class SomeController {
 }
 {code}
 
+h4. loadCurrentUser()
+Often it is not necessary to retrieve the entire domain class instance, for example when using it in a query where only the id is needed as a foreign key. This method uses the GORM @load@ method to create a proxy instance. This will never be null, but can be invalid if the id doesn't correspond to a row in the database, although this is very unlikely in this scenario because the instance would have been there during authentication.
+
+If you need other data than just the id, use the @getCurrentUser@ method instead.
+
+Example:
+
+{code}
+class SomeController {
+
+   def springSecurityService
+
+   def someAction() {
+      def user = springSecurityService.isLoggedIn() ? springSecurityService.loadCurrentUser() : null
+      if (user) {
+         CreditCard card = CreditCard.findByIdAndUser(params.id as Long, user)
+         ...
+      }
+      ...
+   }
+}
+{code}
+
 h4. isLoggedIn()
 Checks whether there is a currently logged-in user.