Grails filters are wrappers for Spring HandlerInterceptors and only work with controller actions. The dbconsole is served by a servlet, so you'll need a servlet filter. Your best bet is Spring Security or Shiro.
Marcel Overdijk wrote
I'm trying to protect the dbconsole with a filter.
That makes sense.
I only needed really basic auth (single user) and that's why I was *avoiding* Spring Security plugin, and using simple Grails filter. But as you suggested the Spring Security plugin might be best path after all.