GrailsRememberMeAuthenticationFilter causes POST/PUT/DELETE requests to redirect to GET request.

[Macoshark]

I was unable to reopen this issue (https://github.com/grails-plugins/grails-spring-security-core/issues/364) so I created a new one.

I had this problem in grails 2.x and after upgrading to grails 3.3.10 (spring security core 3.2.3) I noticed that it still exists.

Everything mentioned in the original issue is still relevant. I created a small sample app that reproduces the issue. The app also contains a Postman config file.

Task List

• [x] Steps to reproduce provided
• [ ] Stacktrace (if present) provided
• [x] Example that reproduces the problem uploaded to Github
• [x] Full description of the issue provided (see below)

Steps to Reproduce

1. Have a mysql server running on localhost. Create a database called 'bugdb'
2. Have redis running on localhost. Sample app will put session data in database index 1
3. Run the server.
4. Call test/login endpoint to create a session in redis and remember-me token in persistent_login table in mysql.
5. Call test/test and test/testMultipart actions to verify that they work and that they return the request body in the response.
6. Open redis-cli, select database 1, call flushdb to remove the session
7. Call test/test endpoint again.

Expected Behaviour

The response contains the request body like it did in the previous run

Actual Behaviour

The response only contains the id of the newly created session, but the request body was empty.

Environment Information

• Operating System: Macos 10.14.5
• GORM Version: 6.1.12.RELEASE
• Grails Version (if using Grails): 3.3.10
• JDK Version: jdk1.8.0_152

Example Application

https://github.com/Macoshark/GrailsSpringSecurityRememberMeBug