Recently I have worked in migration of Acegi to Spring Security and I found some summarize steps to migrate from Acegi to Spring Security plugin.There are crystal clean seven steps by which we migrate from Acegi to Spring Security plugin.

step 1:-The first thing we need to uninstall the Acegi plugin.

step 2:-Then Grails install spring-security-core plugin.You can find from here-
Link

step 3:-Add two lines of code in your Buildconfig file-

grails.plugin.springsecurity.password.algorithm = 'SHA1'
grails.plugin.springsecurity.password.hash.iterations = 1

step 4:-The utility service in Spring Security Core is SpringSecurityService, so I need to replace def authenticateService with def springSecurityService. And some difference are like-

principal() is renamed to getPrincipal()

ifAllGranted(), ifNotGranted(), ifAnyGranted() were removed for this you have to use

grails.plugin.springsecurity.SpringSecurityUtils.ifAllGranted()
grails.plugin.springsecurity.SpringSecurityUtils.ifNotGranted()
grails.plugin.springsecurity.SpringSecurityUtils.ifAnyGranted()

and also for getSecurityConfig()

grails.plugin.springsecurity.SpringSecurityUtils.getSecurityConfig()

step 5:-In particular it’s important that the following properties be configured (replace class and package names to match your domain classes):

grails.plugin.springsecurity.userLookup.userDomainClassName ='com.yourcompany.yourapp.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName ='com.yourcompany.yourapp.UserRole'
grails.plugin.springsecurity.authority.className='com.yourcompany.yourapp.Role'

step: 6:-For Secured annotation you have to change

org.codehaus.groovy.grails.plugins.springsecurity.Secured

to

grails.plugin.springsecurity.annotation.Secured

and also write 1 line of code in config file –

grails.plugin.springsecurity.securityConfigType = "Annotation"

step 7:-Now lastly some changes in gsp files like-

g:ifAnyGranted role='...'
g:ifAnyGranted role='...'
g:isNotLoggedIn
g:isLoggedIn

to

sec:ifAnyGranted roles='...'
sec:ifAnyGranted roles='...'
sec:ifNotLoggedIn
sec:ifLoggedIn

Hope this helps to migrate from Acegi to Spring Security.