Friday, December 13, 2013

My simple approach to security tokens

I'm a big fan of the spring-security plug-in series for Grails. It allows me to do almost anything concerning security issues while giving me faith that this works properly. One scenario I encountered now, however, was not covered. In order to secure my JSON web-service actions I couldn't rely on spring security. Instead I wanted to create unique links just like in Google's Picasa, when you wanted to share an image with a 3rd party that does not necessarily have a Picasa account like you do.

I decided to implement this in a very simple fashion: I added a field String uuid to the domain class in question.

Then I added a service class:

Then all I needed to do is to modify controller actions like this:

I would like to hear what you think about this approach. Is it safe enough? Is there a more elegant solution?
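One way the token issue-and-check described in this post could look, as an added example in plain Groovy; it is not the author's service or controller code, which is missing from the page. The names `SharedImage`, `ShareTokenService` and `show`, the in-memory map, and the choice of `UUID.randomUUID()` are assumptions made for illustration.

```groovy
import java.security.MessageDigest

// Hypothetical stand-in for the domain class with its added "String uuid" field.
class SharedImage {
    String name
    String uuid
}

// Hypothetical service: issues link tokens and checks presented ones.
class ShareTokenService {
    // Version 4 UUID: 122 random bits taken from a cryptographically strong
    // generator (per the java.util.UUID documentation).
    String newToken() {
        UUID.randomUUID().toString()
    }

    // Constant-time comparison; a missing token on either side never matches.
    boolean matches(String stored, String presented) {
        if (!stored || !presented) return false
        MessageDigest.isEqual(stored.getBytes('UTF-8'), presented.getBytes('UTF-8'))
    }
}

// Controller-style guard for a JSON action. "Unknown id" and "wrong token"
// get the same 404 so the response does not reveal which ids exist.
Map show(Map<Long, SharedImage> store, ShareTokenService svc, Long id, String token) {
    SharedImage img = store[id]
    if (!img || !svc.matches(img.uuid, token)) return [status: 404, body: [:]]
    [status: 200, body: [name: img.name]]
}

// Constructed sample data, not taken from the original post.
def svc = new ShareTokenService()
def img = new SharedImage(name: 'holiday.jpg', uuid: svc.newToken())
def store = [(1L): img]

assert show(store, svc, 1L, img.uuid).status == 200          // correct token
assert show(store, svc, 1L, svc.newToken()).status == 404    // well-formed but wrong token
assert show(store, svc, 1L, null).status == 404              // token missing
assert show(store, svc, 2L, img.uuid).status == 404          // unknown id
println "token accepted for ${img.name}"
```

A token carried in a link behaves like a password in the URL: it ends up in access logs, browser history and Referer headers, so serving the action over HTTPS and being able to replace a record's uuid to revoke a shared link both matter.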
