StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POGrails, Spring Security and Angular JS - How to protect URLs?
text
Body
copied!<p>Hello I build application with backend built in Grails and frontend made in AngularJS. I want to use Grails Spring Security Plugin to give some security to my app, but I've got some problems with that. First off all, I don't know how to allow only users with specified role to access dedicated URLs.</p> <p>For example I have 3 types of URLs</p> <pre><code>/userspace/** - (eg. http://localhost:8080/MyApp/#/userspace/settings -displays view with user's profile settings) /adminspace/** - (eg. http://localhost:8080/MyApp/#/adminspace/usersManagement - displays view with registered users) /rest/** - (eg. http://localhost:8080/MyApp/rest/book - returns JSON list of books, http://localhost:8080/MyApp/book/123 - returns book as JSON with id=123. </code></pre> <p>I would like to give access to <code>/userspace/</code> for <code>ROLE_USER</code> and to <code>/adminspace/</code> for <code>ROLE_ADMIN</code>. </p> <p>I don't know what properties should I set in <code>Config.goovy</code> to make it possible? Have angular's <code>#</code> in url any matter?</p> <p>I'm also not sure how should I protect <code>/rest/**</code>. These urls are used to communicate with backend and sometimes they are called by angular's <code>$http</code> service from angular's controllers of views visible to all, but sometimes they are called from protected views. Maybe the way is to leave /rest/** urls available for all and use specified annotations eg. <code>@Secured(['ROLE_USER'])</code> in grails controllers? </p> <p>I would be grateful for help</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload