I have dealt with this very issue where the login feature was handled by a servlet outside of my angular js application.
I controlled access to the application through a javax.servlet.Filter
and I also had another Filter that I used on all Json requests coming from the application.
For the unauthenticated user scenario the Json filter behaved as follows;
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); //401
I added a $rootScope method that forced login for any 401 response from a JSON controller.
$rootScope.handleHttpFailure = function(data,status) {
if (401 == status) {
document.location.reload(true);
} else {
console.log("post ERROR status:" + status + " response:" + data);
$rootScope.alert('Error received status:'+ status + " response:" + data );
}
}
So for your scenario, you can't prevent the pagetwo controller from running but you can prevent it from accessing secured resources if you follow this fairly simple pattern.