Auth0 + Grails 3 + Spring Security

my project is client app (angular4) and api server (grails3) and we would like to start using Auth0. If i got it right, with usage of JWT i can have "session-less" API architecture with following flow:

1) user in client app login (for example with lock)

2) all requests to API will contains jwt token and api can "verify" token + add roles (roles can be park of "token_id", for example as custom claims).

Current API security is done by Spring Security :

• we have on static rule in configuration file

  pattern: '/rest/**' access: ['ROLE_USER']>

• when resource "is public" we just annotation on method in controller @Secured(['permitAll'])

• user log into application (ajax request from angular client to api server) and spring security store his roles into session

So here is my question:

• It is possible to continue using our security configuration with Auth0+JWT (so each request to API server would contains JWT, there would be some "interceptor" which would verify tokenId, decode it, add roles and then spring security just check if user has proper role to access API service - as user would be logged and his roles would be stored in session).
• Does such "interceptor" exists ?

Thank you very much !

Take a look at this plugin http://plugins.grails.org/plugin/grails/spring-security-rest. It works on top of spring security and supports JWT auth, and you don't need to change a lot in your code