I had a question come in about a setting in Spring Security so I thought I would take a quick minute and explain it in case anyone else also has the same question. There is a setting

'grails.plugin.springsecurity.logout.postOnly = true'
that is true by default. If you look at the LogoutController's index action this make a little more sense.

All this is saying is that to Logout we must have that request made in the form of a post. An easy way to do that is create a link to the logout controller (remember index is our default action).

If you try and just visit the URL http://localhost:8080/{your_context}/logout you can tell by the code that this should throw a 405 error, and it does.