There’s no mention of Security on the Grails website, however, since the framework and the generated applications are using Spring under the covers, I wondered if you could use the Acegi Security System to secure URLs.
From some experiementing with the supplied beans, and adding filters to the web.xml and bean defs in the applicationContext.xml file, this is possible, exactly the same as for any other web application.
This is awesome as it allows you to add role-based URL security to URLs in your web app, and to protect access to certain parts of the application, perhaps ‘edit’ and ‘create’ controllers so that unauthenticated users can just have access to the view parts of the application.