Search code examples

Grails request filters: what's the source of this mysterious authorization method?

I'm building a custom authentication filter class in Grails. It's working, but it bugs me that I don't know why it's working.

In the following Grails request filter, where/how is the "role" method defined? It's got to be part of the Nimble plugin for Grails, but I don't see it in NimbleFilterBase, which my filter class extends.

public class MySecurityFilters extends MyCustomExtensionOfNimbleFilterBase {
    def filters = {
        reports(controller: 'foo', action: 'bar') {
            before = {
                accessControl {

Also, what exactly is the "accessControl" block? Is that a built-in part of Grails, or something Nimble somehow provides, or just a random scoping mechanism that I could get rid of?



  • Nimble uses Shiro and these are Shiro features. See the docs at

    The accessControl method is wired into the MetaClass by ShiroGrailsPlugin in doWithDynamicMethods() - see

    The role method is defined in