If you simply need to check to see if a user is in a specific role then use SpringSecurityUtils.ifAllGranted which takes a single String as an argument which contains a comma-delimited list of roles. It will return true if the current user belongs to all of them. SpringSecurityUtils also has methods like ifAnyGranted, ifNotGranted, etc, so it should work for whatever it is you are trying to accomplish.

To get the user

    def springSecurityService
    def principal = springSecurityService.principal
    String username = principal.username

You can inject springSecurityService into your controller:

def springSecurityService

and then in your action, call:

def roles = springSecurityService.getPrincipal().getAuthorities()

See the docs here.

From a controller you can use two methods the plugin adds to the metaclass, getPrincipal and isLoggedIn:

def myAction = {
   if (loggedIn) {
      // will be a List of String
      def roleNames = principal.authorities*.authority
   }
}

If the action is secured you can skip the loggedIn/isLoggedIn() check.

SecurityContextHolder knows that:

SecurityContextHolder.getContext().getAuthentication().getAuthorities()

You can also use getAuthenticatedUser() by itself. This method is automatically injected in every controller, and thus only available from controllers. You will have to use one of the other methods if you want to access the current logged in user from anywhere else.