Here are the directions for a patch in a great Screencast by Tomás Lin that makes authentication work in a Grails Application on Google’s App-Engine:
google.appengine.sessionEnabled = true // default true
google.appengine.enableSsl = true // default true
google.appengine.security.useHttps = ["/secure", "/shoppingcart/*", "/admin"]
google.appengine.security.requireAdmin = ["/admin", "/notsecuredadmin"]
google.appengine.security.requireLogin = ["/admin", "/", "/yabbadabbadoo"]
Don’t forget to apply the securePatch.diff patch to the plugin directory of your project – that is in <home>.grails/1.1.1/projects/myproject/plugins/app-engine-0.8.1 in order for these properties effectively written to the web.xml file.