> I think the confusion here may be that, unless I'm reading the grails-user > list comments incorrectly, that the Grails plugin enforces that a user must > be authenticated in order for it to perform a role or permission check. > This shouldn't be the case if the Grails plugin is to mirror the JSecurity > framework functionality.
This is correct and derives from a misunderstanding on my part. I've suggested a change to the plugin that should be fairly simple to implement with zero impact on existing users. I hope it's simple to implement anyway :) Cheers, Peter
