Grails plugin that keeps track of user identities via cookie, instead of servlet session

Basic Sessionless Remember Me Plugin
====================================

This Grails plugin keeps track of the current user's identity via cookie, instead of the servlet session.

To use it, you must at least implement a custom `org.c02e.plugin.rememberme.rotating.RotatingTokenUserStore` class to save user-identity token values in a persistent data store (i.e. a database, memcached, etc). A non-persistent, in-memory sample user store is provided as `org.c02e.plugin.rememberme.rotating.inmemory.InMemoryUserStore`.

You may also implement a custom `org.c02e.plugin.rememberme.UserManager` class to customize the management of the user-identity tokens. The default implementation (`org.c02e.plugin.rememberme.rotating.RotatingTokenUserManager`) rotates tokens every few minutes (by default, every 10 minutes), and allows a user to authenticate with either his/her current token or his/her previous token (allowing a "grace" period for the user's browser to receive and start sending the updated identity cookie).
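
The rotation and grace-period behaviour described above, as an added stand-alone Groovy model; it is not the plugin's own code and does not use the plugin's interfaces. The class name `RotatingTokenModel`, its method signatures, the per-username record layout and the timestamps in the walk-through are assumptions made for illustration.

```groovy
import java.security.MessageDigest
import java.security.SecureRandom

// Hypothetical model of current/previous token rotation; not the plugin's RotatingTokenUserManager.
class RotatingTokenModel {
    static final long ROTATE_MS = 10 * 60 * 1000L      // README default: rotate every 10 minutes
    private final SecureRandom rng = new SecureRandom()
    private final Map<String, Map> store = [:]         // username -> [current, previous, issuedAt]

    private String newToken() {
        byte[] b = new byte[32]
        rng.nextBytes(b)
        b.encodeHex().toString()                       // 256 random bits, hex-encoded
    }

    // "Login": issue a first token; there is no previous token yet.
    String remember(String username, long now) {
        String t = newToken()
        store[username] = [current: t, previous: null, issuedAt: now]
        t
    }

    // Returns the token the browser should hold after this request, or null if rejected.
    String authenticate(String username, String presented, long now) {
        Map rec = store[username]
        if (!rec || !presented) return null
        boolean isCurrent = same(presented, rec.current)
        boolean isPrevious = rec.previous && same(presented, rec.previous)
        if (!isCurrent && !isPrevious) return null     // older or unknown tokens are dead
        if (isCurrent && now - rec.issuedAt >= ROTATE_MS) {
            rec.previous = rec.current                 // keep one generation for the grace period
            rec.current = newToken()
            rec.issuedAt = now
        }
        rec.current
    }

    // Constant-time comparison so the check does not leak how many characters matched.
    private static boolean same(String a, String b) {
        MessageDigest.isEqual(a.getBytes('UTF-8'), b.getBytes('UTF-8'))
    }
}

// Constructed walk-through (times in milliseconds since login).
def m = new RotatingTokenModel()
String a = m.remember('alice', 0L)
assert m.authenticate('alice', a, 60000L) == a         // under 10 minutes: no rotation
String b = m.authenticate('alice', a, 600000L)         // 10 minutes: rotated
assert b != a && m.authenticate('alice', a, 601000L) == b   // grace: previous token still accepted
String c = m.authenticate('alice', b, 1200000L)        // second rotation
assert c != b && m.authenticate('alice', a, 1201000L) == null  // two generations old: rejected
```

In this model a copied cookie value stays usable until the legitimate browser has rotated past it twice, so the rotation interval bounds how long a leaked token is accepted. Storing only a hash of each token in the persistent store would be a further hardening step that the model leaves out.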

With or without a custom `UserManager`, you must register the `UserManager` and `RotatingTokenUserStore` implementations as Spring beans via your app's `grails-app/conf/spring/resources.groovy` file. See the sample `resources.groovy` included in this plugin as an example.

You must also implement a custom `org.c02e.plugin.rememberme.rotating.RotatingTokenUser` class to keep track of your app's user-information for the current user, such as his/her username or ID. To "login" a user, pass an instance of that class representing the current user to the `remember` method of the `BasicSessionlessRememberMeService`; to "logout", call the `forget` method on the service. To access the identity of the current user when "logged-in", check the `user` property of the `BasicSessionlessRememberMeService` -- it will return an instance of your app's `RotatingTokenUser` class for the current user (or `null` if the user is not logged in).

See the sample `grails-app/controllers/test/TestController.groovy` for an example of login and logout; and see `grails-app/conf/test/TestFilters.groovy` for an example of allowing only logged-in users to access certain controllers/actions.

This plugin also provides the following tags (through the `org.c02e.plugin.rememberme.BasicSessionlessRememberMeTagLib`):

* `<rememberme:user>`: prints an HTML-encoded property value of the current user
* `<rememberme:withUser>`: adds the current user as the `user` var to the current GSP context
* `<rememberme:yes>`: displays the tag body when the current user is logged in
* `<rememberme:no>`: displays the tag body when the current user is not logged in

For config settings, see `org.c02e.plugin.rememberme.BasicSessionlessRememberMeService` and `org.c02e.plugin.rememberme.rotating.RotatingTokenUserManager`.