grails 3.0 angularjs spring安全rest插件被禁用

我正在尝试使用Grails3.2.0.M2和angularjs配置文件来学习教程

build.gradle具有以下功能

 compile 'org.grails.plugins:spring-security-core:3.1.1'
 compile "org.grails.plugins:spring-security-rest:2.0.0.M2"

我的application.groovy具有以下功能

grails.plugin.springsecurity.userLookup.userDomainClassName = 'workspace.kernel.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'workspace.kernel.UserRole'
grails.plugin.springsecurity.authority.className = 'workspace.kernel.Role'
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.rejectIfNoRule = true

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/ats/**',       access: ['permitAll']],
    [pattern: '/login/**',       access: ['permitAll']],
    [pattern: '/index/**',       access: ['permitAll']],
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    //[pattern: '/welcome.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/dbconsole/**', access: ['permitAll']]

]

grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/assets/**',      filters: 'none'],
    [pattern: '/**/js/**',       filters: 'none'],
    [pattern: '/**/css/**',      filters: 'none'],
    [pattern: '/**/images/**',   filters: 'none'],
    [pattern: '/**/favicon.ico', filters: 'none'],
    [pattern: '/**',             filters: 'JOINED_FILTERS']
    //[pattern: '/**',         filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter']
]

我故意不使用“/api/**”前缀，因为我认为我将不得不更改多个javascript

我已成功登录并获得令牌，但在此之后，许多操作将返回403状态。比如说

@Transactional
    @Secured(['ROLE_ADMIN'])
    def save(User user) {
        if (user == null) {
            transactionStatus.setRollbackOnly()
            render status: NOT_FOUND
            return
        }

        if (user.hasErrors()) {
            transactionStatus.setRollbackOnly()
            respond user.errors, view: 'create'
            return
        }

        user.save flush: true

        respond user, [status: CREATED, view: "show"]
    }

另一方面，一些请求根本不需要令牌！ 例如，无论是否缺少令牌，它都可以工作

 @Transactional
    @Secured(['ROLE_ADMIN'])
    def processUpload() {
        println params.file.getOriginalFilename()
        String xmlReponse = resumeParserService.parse(params.file.getBytes(), "txt")
        println 'response received'
        def xmlObj = new XmlSlurper().parseText(xmlReponse)
        println 'xml slurped'
        Map candidate =[:];
        candidate.firstName = xmlObj.personalInformation.firstname.text()
        candidate.lastName = xmlObj.personalInformation.lastname.text()
        candidate.email = xmlObj.personalInformation.email.text()
        candidate.mobile = xmlObj.personalInformation.phoneNumber.text()
        candidate.highestQualification = xmlObj.personalInformation.isced.name.text()
        xmlObj.binaryDocuments.document.each{
            if(it.class.text().startsWith('plot_')){
                candidate[it.class.text()] = it.binary.text()
            }
        }
       // println 'values assigned'
        println candidate
        render candidate as JSON
    }

最后是我从rest客户端的请求 我对使我的网站无状态最不感兴趣；有没有办法让我所有的Grails3控制器保持稳定，只使用SpringSecurityCore