I've got a Grails 2.5 application that I'm trying to upgrade to 3.3 using Spring Security Core plugin (3.2.0.M1) with the preauth setup using Siteminder. In my UserDetailsService I get the Session like this:
    UserDetails loadUserByUsername(String userId, boolean loadRoles) throws UsernameNotFoundException, DataAccessException {
        org.grails.web.util.WebUtils.retrieveGrailsWebRequest().getCurrentRequest().getSession()
I need to get more than the single header passed into the app. When running the app locally this works as expected, but when running through a WAR on WebLogic 12.2.1, I get this error:
    No thread-bound request found: Are you referring to request attributes outside of an
    actual web request, or processing a request outside of the originally receiving thread?
    If you are actually operating within a web request and still receive this message, your code
    is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use
    RequestContextListener or RequestContextFilter to expose the current request.
I have also tried:
    ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
but ran into an NPE on getRequest(). When running in Grails 2.5 with Spring Sec Core plugin 2.0-RC6, the RequestContextHolder way worked correctly. Is there a different way to grab the headers maybe? Or is it possible some property I pulled over from my previous Config.groovy file into application.groovy may have caused a problem?
resources.groovy:

    beans = {
        userDetailsService(com.myapp.security.MyUserDetailsService)
        userDetailsServiceWrapper(org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper) {
            userDetailsService = ref('userDetailsService')
        }
        preauthAuthProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) {
            preAuthenticatedUserDetailsService = ref('userDetailsServiceWrapper')
        }
        requestHeaderAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter) {
            principalRequestHeader = 'smauthid'
            checkForPrincipalChanges = false
            invalidateSessionOnPrincipalChange = false
            continueFilterChainOnUnsuccessfulAuthentication = true
            authenticationManager = ref('authenticationManager')
        }
    }

Bootstrap.groovy

    SpringSecurityUtils.clientRegisterFilter('requestHeaderAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER)

application.groovy

    grails.plugin.springsecurity.filterChain.chainMap = [
        [pattern: '/assets/**', filters: 'none'],
        [pattern: '/**/js/**', filters: 'none'],
        [pattern: '/**/css/**', filters: 'none'],
        [pattern: '/**/images/**', filters: 'none'],
        [pattern: '/**/favicon.ico', filters: 'none'],
        [pattern: '/index/nouser', filters: 'none'],
        [pattern: '/nouser', filters: 'none'],
        [pattern: '/**', filters: 'JOINED_FILTERS']
    ]
    grails.plugin.springsecurity.providerNames = ['preauthAuthProvider']

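One way to reach additional SiteMinder headers without any thread-bound request lookup, as an added example (not code from the original posts or from the plugin): the pre-auth filter passes the request to an `AuthenticationDetailsSource`, and an `AuthenticationUserDetailsService` reads the copied values from the token. The class names, the `sm-email` and `sm-groups` header names, and the mapping of groups to authorities are assumptions.

```groovy
import javax.servlet.http.HttpServletRequest
import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.core.authority.AuthorityUtils
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UsernameNotFoundException
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken

// Called by RequestHeaderAuthenticationFilter with the request passed in
// explicitly, so nothing depends on RequestContextHolder being populated.
class HeaderDetailsSource implements AuthenticationDetailsSource<HttpServletRequest, Map<String, String>> {
    // Assumed header names; copy only an explicit allowlist, never all headers.
    List<String> headerNames = ['sm-email', 'sm-groups']

    @Override
    Map<String, String> buildDetails(HttpServletRequest request) {
        headerNames.collectEntries { String name -> [(name): request.getHeader(name)] }.asImmutable()
    }
}

// Takes the place of UserDetailsByNameServiceWrapper: it receives the whole
// token, including the details map built above.
class HeaderAwareUserDetailsService
        implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {

    @Override
    UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) throws UsernameNotFoundException {
        String userId = token.name
        if (!userId) {
            throw new UsernameNotFoundException('No pre-authenticated principal')
        }
        Map<String, String> headers = (token.details instanceof Map) ? (Map<String, String>) token.details : [:]
        // Assumption: group names arrive comma-separated and map directly to authorities.
        def authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(headers['sm-groups'] ?: '')
        new User(userId, 'N/A', authorities)   // password is unused for pre-auth
    }
}

// Wiring in resources.groovy (bean names other than the page's own are assumed):
//   headerDetailsSource(HeaderDetailsSource)
//   headerAwareUserDetailsService(HeaderAwareUserDetailsService)
//   preauthAuthProvider(...PreAuthenticatedAuthenticationProvider) {
//       preAuthenticatedUserDetailsService = ref('headerAwareUserDetailsService') }
//   requestHeaderAuthenticationFilter(...) { /* existing properties, plus: */
//       authenticationDetailsSource = ref('headerDetailsSource') }
```

The copied header values are only as trustworthy as the network path: they carry meaning only when every request reaches the container through the SiteMinder agent.
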
I am not sure if there is any difference in getting Session in UserDetailsService but I get my session by:
You can read more about session right here: Grails 3 latest Session documentation.
EDIT 1