rest - Grails - spring security with basic auth only -

i'm trying create simple app, proof of concept actually, end user interact server through restful services. user interface use angularjs send ajax requests these services , render response in browser.

in order create security layer i'm trying configure spring security plugin, there issue configuration. in moment, config:

grails.plugin.springsecurity.userlookup.userdomainclassname = 'mymoney.subject' grails.plugin.springsecurity.userlookup.authorityjoinclassname = 'mymoney.subjectrole' grails.plugin.springsecurity.authority.classname = 'mymoney.role'  grails.plugin.springsecurity.usebasicauth = true grails.plugin.springsecurity.basic.realmname = "restricted access"  grails.plugin.springsecurity.controllerannotations.staticrules = [     '/**': ['permitall'] ]  grails.plugins.springsecurity.filterchain.chainmap = [     '/rest/**': 'joined_filters,-exceptiontranslationfilter',     '/**': 'joined_filters,-basicauthenticationfilter,-basicexceptiontranslationfilter' ] 

if keep config that, available everyone, /rest/** resources. guess staticrules before chainmap messing everything. problem if remove it, falls under basic auth...

so want every resource under /rest/** secured basic auth, , spa (single page application), accessible in root context ('/') available every 1 without auth...

what missing here?

it doesn't matter how urls partitioned in filter chain if have /**=permitall - you're not blocking anything. need split access rules also, like

grails.plugin.springsecurity.controllerannotations.staticrules = [    '/rest/**': ['role_admin'],    '/**': ['permitall'] ]