We can do that by using the DD Model as Custom Roles and Polcies and Defining the URL Pattern Scoped Policies.
The screenshots below will give an idea. If you have any queries feel free to let us know.
1.Deploy the application using DD Model as Custom Roles and Policies
Create a new user testuser
Deployments > TestApp > Security > URL Patterns > Roles
Click new and provide url pattern as /protected/* and role as testrole
Click on the testrole and add user testuser to the role condition. Remember to save!
Deployments > TestApp > Security > URL Patterns > Policies
Create a new policy /protected/* and add testrole to that policy.