That's a weird looking controller action. It's a method called index
secured with either ROLE_ADMIN or ROLE_USER, and multiple render calls and a mysterious annotated showAdmin
closure. In general you should only have one render
call, and if Grails concatenates the rendered output from multiple calls for you, you should consider it a bug that will be fixed at some point.
The inner showAdmin
closure isn't doing anything. It's just a closure in the middle of a method, and it's not called by Grails or your code. Since it's just an object inside a method, it's not seen by Grails as a callable action, and it's not seen by Spring Security as something to be guarded or processed.