Hi Federico,
Unfortunately I don't have any first hand experience of this. I believe both JSecurity and Acegi Spring Security handle X509 certificates and there are plug-ins for both of these in Grails. In chapter 5 I show how to use the JSecurity plug-in, although the application just uses simple username and password form authentication.
Alternatively, is this something that you can let the
servlet container (i.e.
Tomcat) handle when deploying to production?
Hope that helps,
Jon.