This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
Unfortunately I don't have any first hand experience of this. I believe both JSecurity and Acegi Spring Security handle X509 certificates and there are plug-ins for both of these in Grails. In chapter 5 I show how to use the JSecurity plug-in, although the application just uses simple username and password form authentication.
Alternatively, is this something that you can let the servlet container (i.e. Tomcat) handle when deploying to production?