You could use the session.getAttribute(key)
and session.setAttribute(key, value)
methods inside your controller. Alternatively, there are plugins such as the Spring Security Core Plugin that already handle this very well.
There's a good tutorial by Peter Ledbrook for the Spring Security plugin here and the plugin documentation links to at least one other tutorial.
** Edit **
As you suggested, in order to use the session directly the user would need to be set in the session at an earlier point. For example:
def setCurrentStudent() {
def aStudent = [name: "Student1"]
session["user"] = aStudent
render "Added $aStudent to the session."
}
Spring Security will do this automatically at login. Then, the current user can then be accessed at any time using the springSecurityService.
class SomeController {
def springSecurityService
def someAction = {
def user = springSecurityService.currentUser
…
}
}