Safer access to request attributes in Grails plugins with Platform-Core

Posted by: on Aug 17, 2012 | No Comments

The Grails Platform-Core plugin release 1.0.M3 introduced some new features for safer plugin development where Session, Request and Flash attributes are used. When you write some code in a plugin that interacts in some way with the current request’s available attributes, you probably hear a little voice in your head (or maybe its just me)

Hmm I should be careful what key I choose here, because if the app uses the same key, bad things could happen. If I call it “user” will the security plugin the app uses trash it? What about “plugin.user”. Hmm no. What prefix should I be using?

This is exactly the problem that the new dynamic properties pluginSession, pluginRequestAttributes and pluginFlash solve.

Plugin view artefacts, namely controllers and taglibs, receive these dynamic properties when platform-core is installed, and can use them just as they would session, request[xxx] and flash, but without having to worry about prefixes at all.


class BookController {
    def beginCopy = {
        pluginSession.bookOnClipboard =
        pluginRequestAttributes.clipboardInUse = true
    def doPaste = {
        def book = book.get(pluginSession.bookOnClipboard)
        // … do something with the book
        pluginFlash.clipboardActionCompleted = [action:paste, book:book.title]

So here you can see code that is much more expressive, unpolluted by attempts at safe namespacing, and safe.

Under the hood the namespacing is quite simple – the key names are simply mutated to "plugin.${pluginName}.${key}" and this is wrapped up for you so that you don’t need to worry about it.

As we all eventually discover, there are times when you do need to be “bad” and access some request specific information from some non-view artefact such as a Service.

In this situation you can call into the grailsUiExtensions bean to get at the plugin-specific wrapper object for any plugin. See the UiExtensions API docs