Grails3 spring security plugin requestmap mode not working

Question

When I upgraded my grails project to v3, I met lots of issues such as the security plugin problem.

application.groovy as the following

grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.watlms.AppUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.watlms.AppUserAppRole'
grails.plugin.springsecurity.authority.className = 'com.watlms.AppRole'
grails.plugin.springsecurity.requestMap.className = 'com.watlms.Requestmap'
grails.plugin.springsecurity.securityConfigType =  'Requestmap'
println grails.plugin.springsecurity.securityConfigType
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations= false

bootstrap as the following:

class BootStrap {

    def init = { servletContext ->

        def userRole = new AppRole(authority: 'ROLE_USER').save()

        def testUser = new AppUser(username: 'bill', password: 'bill').save()
        def testUser2 = new AppUser(username: 'me', password: 'me').save()
        AppUserAppRole.create testUser, userRole
        AppUserAppRole.create testUser2, userRole

        AppUserAppRole.withSession {
            it.flush()
            it.clear()
        }

        for (String url in [
                '/', '/error', '/index', '/index.gsp', '/**/favicon.ico', '/shutdown',
                '/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
                '/login', '/login.*', '/login/*',
                '/logout', '/logout.*', '/logout/*']) {
            new Requestmap(url: url, configAttribute: 'permitAll').save()
        }
        new Requestmap(url: '/',      configAttribute: 'ROLE_USER').save()
        new Requestmap(url: '/*',      configAttribute: 'ROLE_USER').save()
        new Requestmap(url: '/test/**',      configAttribute: 'ROLE_USER').save()
    }
    def destroy = {
    }
}

After login, I have not access to open any URLs set in Requestmap.

2017-05-24 14:31:51.051 DEBUG --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbe6c400: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@d98: Username: me; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 29A241F597CE1A095B91953EA5529E8B; Granted Authorities: ROLE_USER
2017-05-24 14:31:51.051 DEBUG --- [nio-8080-exec-2] o.s.s.a.h.RoleHierarchyImpl              : getReachableGrantedAuthorities() - From the roles [ROLE_USER] one can reach [ROLE_USER] in zero or more steps.
2017-05-24 14:31:51.052 DEBUG --- [nio-8080-exec-2] tContextHolderExceptionTranslationFilter : Access is denied (user is not anonymous); delegating to AccessDeniedHandler

org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.security.access.vote.AbstractAccessDecisionManager.checkAllowIfAllAbstainDecisions(AbstractAccessDecisionManager.java:70)
        at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.groovy:50)
        at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)

Answer 1

Finally, I found out the root cause of this issue.

According to the log, obviously, the security core could not read the requestmap data initialed by the bootstrap, because the step is before the bootsrap running...

I add a "springSecurityService.clearCachedRequestmaps();" in the end of the bootstrap to reload the requestmap cache and it works well now...