akn

Reputation: 3722

Grails, Spring Security and Angular JS - How to protect URLs?

Hello, I am building an application with a backend built in Grails and a frontend made in AngularJS. I want to use the Grails Spring Security Plugin to give some security to my app, but I've got some problems with that. First of all, I don't know how to allow only users with a specified role to access dedicated URLs.

For example I have 3 types of URLs

/userspace/** - (e.g. http://localhost:8080/MyApp/#/userspace/settings - displays view with user's profile settings)
/adminspace/** - (e.g. http://localhost:8080/MyApp/#/adminspace/usersManagement - displays view with registered users)
/rest/** - (e.g. http://localhost:8080/MyApp/rest/book - returns JSON list of books, http://localhost:8080/MyApp/book/123 - returns book as JSON with id=123)

I would like to give access to /userspace/ for ROLE_USER and to /adminspace/ for ROLE_ADMIN.

I don't know what properties I should set in Config.groovy to make this possible. Does Angular's # in the URL matter?

I'm also not sure how I should protect /rest/**. These URLs are used to communicate with the backend; sometimes they are called by Angular's $http service from Angular controllers of views visible to all, but sometimes they are called from protected views. Maybe the way is to leave the /rest/** URLs available to all and use specified annotations, e.g. @Secured(['ROLE_USER']), in Grails controllers?

I would be grateful for help.

Upvotes: 0

Views: 1480

Answers (1)

Burt Beckwith

Reputation: 75671

This is discussed here (not specific to Angular of course): http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/requestMappings.html

If you have annotated controllers, map these extra URLs in the controllerAnnotations.staticRules map. Otherwise use Requestmaps in the database, or one big map in the interceptUrlMap property.

Upvotes: 1
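An added example (not part of the answer above, and not the plugin's own code) of the annotation approach with `controllerAnnotations.staticRules`, assuming spring-security-core 2.x, where the keys live under `grails.plugin.springsecurity`. Everything after `#` in a URL stays in the browser and is never sent to the server, so rules for `/userspace/**` or `/adminspace/**` cannot match the Angular routes; what the server can enforce is access to the REST actions and to any view templates Angular fetches. The `/partials/...` paths, the `Book` domain class and the action names are hypothetical.

```groovy
// grails-app/conf/Config.groovy
// Assumption: spring-security-core 2.x key prefix (grails.plugin.springsecurity).
grails.plugin.springsecurity.securityConfigType = 'Annotation'

// Deny any URL that has neither an annotation nor a static rule,
// so a forgotten mapping fails closed instead of open.
grails.plugin.springsecurity.rejectIfNoRule = true

// Static rules cover URLs that are not controller actions.
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/':                       ['permitAll'],
    '/index.gsp':              ['permitAll'],
    '/**/js/**':               ['permitAll'],
    '/**/css/**':              ['permitAll'],
    // Hypothetical locations of the templates Angular loads over HTTP.
    '/partials/userspace/**':  ['ROLE_USER', 'ROLE_ADMIN'],
    '/partials/adminspace/**': ['ROLE_ADMIN']
]

// grails-app/controllers/BookController.groovy
import grails.converters.JSON
import grails.plugin.springsecurity.annotation.Secured

// Class-level default: every action needs an authenticated ROLE_USER
// unless an action-level annotation overrides it.
@Secured(['ROLE_USER'])
class BookController {

    // Called by views visible to everyone, so opened explicitly.
    @Secured(['permitAll'])
    def index() {
        render Book.list() as JSON
    }

    // Inherits ROLE_USER from the class annotation.
    def show() {
        render Book.get(params.long('id')) as JSON
    }

    // Called only from the admin views; enforced here, not in Angular.
    @Secured(['ROLE_ADMIN'])
    def delete() {
        Book.get(params.long('id'))?.delete(flush: true)
        render status: 204
    }
}
```

Hiding a route in the Angular router only changes what the client displays; the role check that counts is the one on the action that returns or changes the data.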
