grails-spring-security-core

Grails 7, Dynamically adding role to user doesn't work.

Open arjangch opened this issue 2 months ago • 4 comments

Expected Behavior

I am not sure which one is at fault: 'grails-spring-security:7.0.0-RC2' or 'grails-spring-security-ui:7.0.0-RC2'.
Without restarting my app or logging in again, I expect that, for example, I can add ROLE_SUPERVISOR to a user and then in a GSP I can use <sec:ifAllGranted roles='ROLE_SUPERVISOR'> and it works. The same goes for removing a role: if I remove ROLE_SUPERVISOR from the user, sec:ifAllGranted should prevent the user from seeing the enclosed section.

Actual Behaviour

Add or remove a role from a user. The data changes in USER_ROLE in the H2 DB,
but this change in USER_ROLE has no effect on sec:ifAllGranted.

It looks like USER_ROLE is not updating in the cache.

Steps To Reproduce

  1. create an app with plugins 'grails-spring-security:7.0.0-RC2' and 'grails-spring-security-ui:7.0.0-RC2'
  2. add a user Admin and two Roles ROLE_ADMIN. Using BootStrap.groovy
  3. create a gsp. Add a section. <sec:ifAllGranted roles='ROLE_ADMIN'>
  4. Start app.
  5. Everything works OK.
  6. Go to grails-spring-security-ui console in browser
  7. add ROLE_SUPERVISOR to Admin user in the console
  8. in GSP change role <sec:ifAllGranted roles='ROLE_SUPERVISOR'>
  9. reload GSP page in browser
  10. nothing will show up
  11. logout
  12. login
  13. go to GSP page. It is working now. Content in sec:ifAllGranted shows up

It seems the USER_ROLE in the cache is not updating

Environment Information

java=21.0.8-zulu gradle=8.14.3 groovy=4.0.28 grails=7.0.0-RC2

Example Application

https://github.com/arjangch/grails-project-helper/tree/main/example3

Version

7.0.0-RC2

arjangch, Oct 18 '25 13:10

https://apache.github.io/grails-spring-security/7.0.x/core-plugin/guide/index.html#clearcachedrequestmaps must be called each time

jamesfredley, Oct 18 '25 13:10

I am changing user Role from grails-spring-security-ui console in browser. I am not changing user Role from controller code.

arjangch, Oct 18 '25 13:10

I see, grails-spring-security-ui must be missing that call.

jamesfredley, Oct 18 '25 13:10

I just fixed steps to reproduce this bug.

arjangch, Oct 18 '25 13:10
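
One way for application code to make a role change visible to `sec:ifAllGranted` in the current session, shown as an added example that is not part of this issue thread or of either plugin's code. It assumes the default `s2-quickstart` domain classes `User`, `Role` and `UserRole` with their generated `create`, `remove` and `exists` methods; `RoleChangeService` and the `example` package are hypothetical names.

```groovy
package example  // assumed package; adjust to your application

import grails.gorm.transactions.Transactional
import grails.plugin.springsecurity.SpringSecurityService

// Hypothetical service; User, Role and UserRole are assumed to be the
// domain classes generated by s2-quickstart in this package.
@Transactional
class RoleChangeService {

    SpringSecurityService springSecurityService

    /** Grants a role, then refreshes the session if the target is the current user. */
    void grant(String username, String authority) {
        def (User user, Role role) = lookup(username, authority)
        if (!UserRole.exists(user.id, role.id)) {
            UserRole.create(user, role, true) // flush so the reload below sees the row
        }
        refreshIfCurrentUser(username)
    }

    /** Revokes a role, then refreshes the session if the target is the current user. */
    void revoke(String username, String authority) {
        def (User user, Role role) = lookup(username, authority)
        UserRole.remove(user, role)
        refreshIfCurrentUser(username)
    }

    private List lookup(String username, String authority) {
        User user = User.findByUsername(username)
        Role role = Role.findByAuthority(authority)
        if (!user || !role) {
            throw new IllegalArgumentException('unknown user or role')
        }
        [user, role]
    }

    private void refreshIfCurrentUser(String username) {
        // The Authentication kept in the HTTP session carries the authorities
        // loaded at login; the sec: tags read that object, not the USER_ROLE table.
        if (springSecurityService.loggedIn &&
                springSecurityService.authentication.name == username) {
            // Reloads the user's details and replaces the session's Authentication.
            springSecurityService.reauthenticate(username)
        }
    }
}
```

`reauthenticate` only replaces the Authentication of the session that makes the call. Sessions already open for a different user keep the authorities they loaded at login until that user logs in again or the session is invalidated, which matters most when a role is being revoked.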