Kiong Lam Kiong Lam - 1 month ago 19
Android Question

login from android http post to grails 3 spring security

i am trying to create an android application to do something with my database.

for example: i run my grails app on port 8080,

localhost:8080
then i use
POSTMAN
and pass paramter like this..

it success with like this..

enter image description here

but why i fail to login with my android application .

like this..

public static String performPostCall(String requestURL,
HashMap<String, String> postDataParams) {
Log.d("url = ",requestURL);
URL url;
String response = "";
try {
url = new URL(requestURL);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setReadTimeout(45000);
conn.setConnectTimeout(45000);
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Type", "form-data");
conn.setDoInput(true);
conn.setDoOutput(true);


OutputStream os = conn.getOutputStream();
BufferedWriter writer = new BufferedWriter(
new OutputStreamWriter(os, "UTF-8"));
writer.write(getPostDataString(postDataParams));

writer.flush();
writer.close();
os.close();
int responseCode=conn.getResponseCode();
System.out.println(".toString() = "+responseCode);
System.out.println(".HttpsURLConnection.HTTP_OK = "+HttpsURLConnection.HTTP_OK);
if (responseCode == HttpsURLConnection.HTTP_OK) {
String line;
BufferedReader br=new BufferedReader(new InputStreamReader(conn.getInputStream()));
while ((line=br.readLine()) != null) {
response+=line;
}
}
else {
response="";
}
} catch (Exception e) {
e.printStackTrace();
}
return response;
}

private static String getPostDataString(HashMap<String, String> params) throws UnsupportedEncodingException{
StringBuilder result = new StringBuilder();
boolean first = true;
for(Map.Entry<String, String> entry : params.entrySet()){
Log.d("entry.getKey() = ",entry.getKey());
Log.d("entry.getValue() = ",entry.getValue());
if (first)
first = false;
else
result.append("&");

result.append(URLEncoder.encode(entry.getKey(), "UTF-8"));
result.append("=");
result.append(URLEncoder.encode(entry.getValue(), "UTF-8"));
}
System.out.println("tetstes = "+result.toString());
return result.toString();
}


then

protected Void doInBackground(Void... params) {
// TODO Auto-generated method stub

HashMap<String, String> parameter = new HashMap<String, String>();
parameter.put("username", username);
parameter.put("password", password);

try {
response = MyHttpURLConnection.performPostCall(URL, parameter);
} catch (Exception e) {
System.out.println("assdfdsf = "+e);
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}


it always fail in
def ajaxSuccess
because i cannot get
SpringSecurityServyce.principal.id

i tried to get
springSecurityService.getCurrentUser()
like this..

def ajaxSuccess() {
// println "adf = "+springSecurityService.authentication.username
println "cookies = "+session.id
def cifus = springSecurityService.getCurrentUser()
println "cifus = "+cifus
// println "adf = "+springSecurityService.principal.id
def user = com.vastpalaso.security.User.findByUsername(springSecurityService.authentication.name)
def userDetails = com.vastpalaso.security.UserDetails.findByUser(user)
def cifUser = corporateUserService.getCurrentCifUser()

println "user = "+user
// println "cif user = "+cifUser
// println "cif user = "+cifUser.cif.corpName
// if(cifUser){
// session.setAttribute("company",cifUser.cif.corpName)
// if(new Date() >cifUser.cif.expireDate ){
// redirect(controller: "error", action: "serverError")
// }
// }
//
// if (userDetails.isLogin.equals("1")) {
// def sessionx = HttpSessionCollector.find(userDetails.sessionId)
// if (sessionx) {
// sessionx.invalidate()
// HttpSessionCollector.remove(userDetails.sessionId)
// }
// }



try {
def ipAddress = request.getHeader("Client-IP")
if (!ipAddress) {
ipAddress = request.getHeader("X-Forwarded-For")
}
if (!ipAddress) {
ipAddress = request.getRemoteAddr()
}

try{
cifService.resetTryLoginAddInfo(userDetails, ipAddress, session.id)
}catch (Exception e){
println "e = "+e
}

session.setAttribute("alias", userDetails.userAlias)
session.setAttribute("fullName", userDetails.firstName + " " + userDetails.lastName)
session.setAttribute("change", userDetails.forceChangePassword)
session.setAttribute("userType", userDetails.userType)


if(userDetails.language != null){
session[org.springframework.web.servlet.i18n.SessionLocaleResolver.LOCALE_SESSION_ATTRIBUTE_NAME] = new Locale(userDetails.language)
}
else{
session[org.springframework.web.servlet.i18n.SessionLocaleResolver.LOCALE_SESSION_ATTRIBUTE_NAME] = new Locale("id")
}
buildMenuList()
if (params.callback) {
render"${params.callback} (${[success: true,id: userDetails.id ,change: userDetails.forceChangePassword, username: springSecurityService.authentication.name, fullName: (userDetails.firstName + " " + userDetails.lastName)] as JSON})"
}
else {
render([success: true,id: userDetails.id, change: userDetails.forceChangePassword, username: springSecurityService.authentication.name, fullName: (userDetails.firstName + " " + userDetails.lastName)] as JSON)
}
}
//catch unknown RuntimeException, redirect to Error 500 server Error page
catch (RuntimeException e) {
logger.error(e.getMessage(), e)
redirect(controller: "error", action: "serverError")
return
}
render([success: true, username: authentication.name] as JSON)
}


but i always get this error log.

DEBUG org.springframework.security.web.FilterChainProxy - /login/ajaxSuccess reached end of additional filter chain; proceeding with original chain
cookies = F866B5D4267DD54163C93FD3DB1EADB5
cifus = null
ERROR org.grails.web.errors.GrailsExceptionResolver - MissingPropertyException occurred when processing request: [GET] /login/ajaxSuccess
No such property: id for class: org.springframework.security.core.userdetails.User. Stacktrace follows:
groovy.lang.MissingPropertyException: No such property: id for class: org.springframework.security.core.userdetails.User
at com.vastpalaso.CorporateUserService.getCurrentCifUser(CorporateUserService.groovy:950) ~[main/:na]
at accounter.LoginController$$EQ0tGOPB.ajaxSuccess(LoginController.groovy:168) ~[na:na]
at grails.plugin.springsecurity.web.UpdateRequestContextHolderExceptionTranslationFilter.doFilter(UpdateRequestContextHolderExceptionTranslationFilter.groovy:64) ~[spring-security-core-3.1.1.jar:na]
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.groovy:53) ~[spring-security-core-3.1.1.jar:na]
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.groovy:62) ~[spring-security-core-3.1.1.jar:na]
at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.groovy:58) ~[spring-security-core-3.1.1.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[na:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[na:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_111]
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed


this is the log

DEBUG org.springframework.security.web.FilterChainProxy - /login/authenticate?spring-security-redirect=/login/ajaxSuccess at position 1 of 9 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authenticate?spring-security-redirect=/login/ajaxSuccess at position 1 of 9 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authenticate?spring-security-redirect=/login/ajaxSuccess at position 2 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authenticate?spring-security-redirect=/login/ajaxSuccess at position 2 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
DEBUG org.springframework.security.web.FilterChainProxy - /login/authenticate?spring-security-redirect=/login/ajaxSuccess at position 3 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authenticate?spring-security-redirect=/login/ajaxSuccess at position 3 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authenticate'; against '/logoff'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authenticate'; against '/logoff'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authenticate?spring-security-redirect=/login/ajaxSuccess at position 4 of 9 in additional filter chain; firing Filter: 'GrailsUsernamePasswordAuthenticationFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authenticate?spring-security-redirect=/login/ajaxSuccess at position 4 of 9 in additional filter chain; firing Filter: 'GrailsUsernamePasswordAuthenticationFilter'
DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User '' not found
DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User '' not found
DEBUG org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful.
DEBUG org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful.
DEBUG org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices - Cancelling cookie
DEBUG org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices - Cancelling cookie
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/assets/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/assets/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/**/js/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/**/js/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/**/css/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/**/css/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/**/images/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/**/images/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/**/favicon.ico'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/**/favicon.ico'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request '/login/authfail' matched by universal pattern '/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request '/login/authfail' matched by universal pattern '/**'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 1 of 9 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 1 of 9 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 2 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 2 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 3 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 3 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/logoff'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/authfail'; against '/logoff'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 4 of 9 in additional filter chain; firing Filter: 'GrailsUsernamePasswordAuthenticationFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 4 of 9 in additional filter chain; firing Filter: 'GrailsUsernamePasswordAuthenticationFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 6 of 9 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 6 of 9 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 7 of 9 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 7 of 9 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
INFO org.springframework.security.core.SpringSecurityCoreVersion - You are running with Spring Security Core 4.0.3.RELEASE
INFO org.springframework.security.core.SpringSecurityCoreVersion - You are running with Spring Security Core 4.0.3.RELEASE
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 8 of 9 in additional filter chain; firing Filter: 'UpdateRequestContextHolderExceptionTranslationFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 8 of 9 in additional filter chain; firing Filter: 'UpdateRequestContextHolderExceptionTranslationFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /login/authfail?login_error=1; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /login/authfail?login_error=1; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@f23b441a: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 192.168.100.9; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@f23b441a: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 192.168.100.9; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
DEBUG org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
DEBUG org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 reached end of additional filter chain; proceeding with original chain
DEBUG org.springframework.security.web.FilterChainProxy - /login/authfail?login_error=1 reached end of additional filter chain; proceeding with original chain
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper - Skip invoking on
DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper - Skip invoking on
ERROR org.grails.web.errors.GrailsExceptionResolver - CannotRedirectException occurred when processing request: [GET] /login/authfail - parameters:
login_error: 1
Cannot issue a redirect(..) here. The response has already been committed either by another redirect or by directly writing to the response.. Stacktrace follows:
grails.web.mapping.mvc.exceptions.CannotRedirectException: Cannot issue a redirect(..) here. The response has already been committed either by another redirect or by directly writing to the response.


application.groovy

grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.vastpalaso.security.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.vastpalaso.security.UserRole'
grails.plugin.springsecurity.authority.className = 'com.vastpalaso.security.Role'
grails.plugin.springsecurity.requestMap.className = 'com.vastpalaso.security.RequestMap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/', access: ['permitAll']],
[pattern: '/error', access: ['permitAll']],
[pattern: '/index', access: ['permitAll']],
[pattern: '/index2.gsp', access: ['permitAll']],
[pattern: '/shutdown', access: ['permitAll']],
[pattern: '/assets/**', access: ['permitAll']],
[pattern: '/**/js/**', access: ['permitAll']],
[pattern: '/**/css/**', access: ['permitAll']],
[pattern: '/**/images/**', access: ['permitAll']],
[pattern: '/**/favicon.ico', access: ['permitAll']]
]

grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/assets/**', filters: 'none'],
[pattern: '/**/js/**', filters: 'none'],
[pattern: '/**/css/**', filters: 'none'],
[pattern: '/**/images/**', filters: 'none'],
[pattern: '/**/favicon.ico', filters: 'none'],
[pattern: '/**', filters: 'JOINED_FILTERS']
]


after i add this below code, my error log become like this

Answer

The issue is here:

org.springframework.security.authentication.dao.DaoAuthenticationProvider

  • User '' not found

On the provided link slide 6 it says firing organizationFilter

When you look into security filters. They are actually those static rules that I mentioned earlier.

so something is of a conflict there and the rule is being bypassed then it attempts to login (with no user credentials).

It is all there in there logs just a matter of interpreting it correctly

Right.. Comment out this first

//grails.plugin.springsecurity.securityConfigType = 'Requestmap'

//Then add

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    [pattern: '/index2.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/login/ajaxSuccess',       access: ['permitAll']],
    [pattern: '/login/ajaxSuccess/**',       access: ['permitAll']],
    [pattern: '/**/ajaxSuccess/**',       access: ['permitAll']]
]

I haved added 3 new rules at the very bottom, the very first one should fix the issue. But I added them just incase. Then the line above it you have changed from annotation to Requestmap but then you have controllerAnnotations.staticRules you do need to pay attention to the finer details here.

If you set something to be something else then you need relevant configuration for that. Please note if you do wish to stick with Requestmap then maybe you need to configure

grails.plugin.springsecurity.interceptUrlMap = [
                [pattern: '/',               access: ['permitAll']],
                [pattern: '/something/**',          access: ['ROLE_ADMIN', 'ROLE_USER']],
                [pattern: '/**',          access: ['permitAll']],
]

For now I would stick with securityConfigType: Annotation