Grails 7, Dynamically adding role to user doesn't work. #1183
Description
Expected Behavior
I am not sure which one is at fault 'grails-spring-security:7.0.0-RC2' or 'grails-spring-security-ui:7.0.0-RC2'.
Without restarting my app or re-login:
I expect for example, I can add the ROLE_SUPERVISOR to a user and then in GSP i can use <sec:ifAllGranted roles='ROLE_SUPERVISOR'> and it works.
The same way removing a ROLE. If i remove the ROLE_SUPERVISOR from user sec:ifAllGranted should prevent user from seeing enclosed section.
Actual Behaviour
Add or remove ROLE from a user. Data is changing in USER_ROLE in H2 DB.
But this change in USER_ROLE has no effect on sec:ifAllGranted
It looks like USER_ROLE not updating in cache
Steps To Reproduce
- create an app with plugins 'grails-spring-security:7.0.0-RC2' and 'grails-spring-security-ui:7.0.0-RC2'
- add a user Admin and two Roles ROLE_ADMIN. Using BootStrap.groovy
- create a gsp. Add a section. <sec:ifAllGranted roles='ROLE_ADMIN'>
- Start app.
- Everything works OK.
- Go to grails-spring-security-ui console in browser
- add ROLE_SUPERVISOR to Admin user in the console
- in GSP change role <sec:ifAllGranted roles='ROLE_SUPERVISOR'>9. reload GSP page in browser
- nothing will show up
- logout
- login
- go to GSP page. It is working now. Content in sec:ifAllGranted showes up
It seems the USER_ROLE in the cache is not updating ### Environment Information
java=21.0.8-zulu
gradle=8.14.3
groovy=4.0.28
grails=7.0.0-RC2
Example Application
https://github.com/arjangch/grails-project-helper/tree/main/example3
Version
7.0.0-RC2