I have this: @Secured([‘ROLE_USER’, ‘ROLE_HELPDESK’, ‘ROLE_ADMIN’]) class MyController { def edit = { }

Question

0

Asked: May 24, 20262026-05-24T15:39:46+00:00 2026-05-24T15:39:46+00:00

I have this: @Secured([‘ROLE_USER’, ‘ROLE_HELPDESK’, ‘ROLE_ADMIN’]) class MyController { def edit = { }

0

I have this:

@Secured(['ROLE_USER', 'ROLE_HELPDESK', 'ROLE_ADMIN'])
class MyController {
    def edit = {
    }

    @Secured(['ROLE_ADMIN'])
    def uploadForUser = {
        params.userId = params.id
        forward(controller: 'someController', action: 'someAction', params: params)
    }
}

and an integration test I think should fail:

public void test_uploadForUser_unauthenticated(){
    myController.params.id = "testUser"
    myController.uploadForUser()
}

And yet the tests pass. Is there any way to test controllers annotated with the spring security plugin?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T15:39:47+00:00

Editorial Team

2026-05-24T15:39:47+00:00Added an answer on May 24, 2026 at 3:39 pm

These annotations are analyzed by SpringSecurityFilter, so they don’t work if you don’t have an actual HTTP request performed.

Thus, you need either to switch to checking the roles by conditionals inside the actions, like being done here, or test it with WebDriver/Geb or some simpler framework — very nice approach is presented in Grails Security Plugin itself.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have this: @Secured([‘ROLE_USER’, ‘ROLE_HELPDESK’, ‘ROLE_ADMIN’]) class MyController { def edit = { }

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply