Grails plugin that keeps track of user identities via cookie, instead of servlet session
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Basic Sessionless Remember Me Plugin

This grails plugin keeps track of the current-user's identity via cookie, instead of the servlet session.

To use, you must implement at least implement a custom `org.c02e.plugin.rememberme.rotating.RotatingTokenUserStore` class to save user-identity token values in a persistant data-store (ie a database, memcached, etc). An non-persistant, in-memory sample user-store is provided as `org.c02e.plugin.rememberme.rotating.inmemory.InMemoryUserStore`.

You may also implement a custom `org.c02e.plugin.rememberme.UserManager` class to customize the management of the user-identity tokens. The default implementation (org.c02e.plugin.rememberme.rotating.RotatingTokenUserManager) rotates tokens every few minutes (by default, every 10 minutes), and allows a user to use both his/her current token and his/her previous token to authenticate (allowing a "grace" period for the user's browser to receive and start sending the updated identity cookie).

With or without a custom `UserManager`, you must register the `UserManager` and `RotatingTokenUserStore` implementations as spring beans via your app's `grails-app/conf/spring/resources.groovy` file. See the sample `resources.groovy` included in this plugin as an example.

You must also implement a custom `org.c02e.plugin.rememberme.rotating.RotatingTokenUser` class to keep track of your app's user-information for the current user, such as his/her username or ID. To "login" a user, pass an instance of that class representing the current user to the `remember` method of the `BasicSessionlessRememberMeService`; to "logout", call the `forget` method on the service. To access the identity of the current user when "logged-in", check the `user` property of the `BasicSessionlessRememberMeService` -- it will return an instance of your app's `RotatingTokenUser` class for the current user (or `null` if the user is not logged in).

See the sample `grails-app/controllers/test/TestController.groovy` for an example of login and logout; and see `grails-app/conf/test/TestFilters.groovy` for an example of allowing only logged-in users to access certain controllers/actions.

This plugin also provides the following tags (through the `org.c02e.plugin.rememberme.BasicSessionlessRememberMeTagLib`):

    * `<rememberme:user>`: prints an HTML-encoded property value of the current user
    * `<rememberme:withUser>`: adds the current user as the `user` var to the current GSP context
    * `<rememberme:yes>`: displays the tag body when current user is logged in
    * `<rememberme:no>`: displays the tag body when current user is not logged in

For config settings, see `org.c02e.plugin.rememberme.BasicSessionlessRememberMeService` and `org.c02e.plugin.rememberme.rotating.RotatingTokenUserManager`.