I am upgrading a project from Grails 2.5.2 to Grails 5.2.5. In the previous version, Spring Security 2 was used. There, the access check for a URL starting with a # sign works fine. But in the upgraded version, the same URL check returns true although the user doesn't have permission. For example, consider the following code.
In the requestmap table, for this URL - /#Customer - only ROLE_MANAGER has permission. But for ROLE_USER, this URL access check is returning true from the below method.
...
defaultWebInvocationPrivilegeEvaluator.isAllowed("/#Customer", springSecurityService.getAuthentication())
...