Hi Raghavan,
Good questions. Let's see if I can answer them all:
1. Basically, Groovy security is Java security. Since Groovy code compiles to Java bytecode, when it runs it IS Java. So any security tool or framework that you would use with Java can be used with Groovy. There are several Grails plugins that bring popular Java security frameworks and make them easier to use. The two most popular are Spring Security and Shiro (formerly JSecurity) but there are many others. A quick search of the Grails plugin portal (
http://grails.org/plugin/home) shows 26 different security related plugins.
2. GSPs are Groovy Server Pages. They are processed by a Groovy template engine built into Grails. They work very similarly to JSPs but are more flexible and easier to work with. One of the best things about them is that you can create custom tags with a single class file. No TLD, no interfaces to implement, no configuration.
3. Grails depends mostly on convention for configuration. Ultimately it still uses web.xml but it builds it for you based on conventions, while giving you the ability to control it directly if needed.
4. Grails includes both unit and integration testing "out of the box", with classes that extend the
JUnit classes. Unit tests run in isolation and consequently don't have any of the Grails runtime mojo. Though the Grails testing classes provide a bunch of helpful methods to allow mocking of things like GORM (Grails Object Relational Mapping). Integration test include all the dynamic goodness that Grails provides, but run a little slower. There are also plugins available for several different forms of functional testing (Webtest, Selenium, GFunc, and more).
Whew. I did it . Now I have to head off to work.
Dave