I have a Java app with a React app embedded in the same Maven project. I want to block specific routes from the frontend (e.g. examplehost.com/#/dashboard) with web.xml security constraints, but I can't.
Now I have an ingress role, assigned to all routes "/*", so if you have this permission, you have access to the entire app. I want to keep this role, but restrict other specific routes. Is it possible?
Security constraint of ingress:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>ROOT</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>INGRESS_ROLE</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <description>Permiso de acceso a la aplicación</description>
  <role-name>INGRESS_ROLE</role-name>
</security-role>
In the words of ChatGPT: Unfortunately, the security restrictions in the web.xml file are not directly applicable to URL fragments that include the # (hash) character. The URL fragment (everything after the #) is not sent to the server and is therefore not visible on the server side. The part after # is rendered only in the client's browser.
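
Added example, not part of the original post: a small JavaScript model of why a url-pattern can never see the `#/dashboard` route, and which requests a container-side constraint can match. `DASHBOARD_ROLE`, `/dashboard` and `/api/dashboard/*` are hypothetical names assumed for illustration, and the matcher is a simplified version of servlet best-match (exact match, then longest path prefix).

```javascript
// Constraints as the container would see them. Only "/*" -> INGRESS_ROLE
// comes from the question; the other two entries are hypothetical.
const constraints = [
  { pattern: "/*", role: "INGRESS_ROLE" },
  { pattern: "/dashboard", role: "DASHBOARD_ROLE" },        // attempt to guard the SPA route
  { pattern: "/api/dashboard/*", role: "DASHBOARD_ROLE" },  // backend endpoint the view would call
];

// What the browser sends on the HTTP request line: path + query.
// The fragment (url.hash) stays in the browser and is never transmitted.
function requestTarget(href) {
  const url = new URL(href);
  return url.pathname + url.search;
}

// Simplified servlet matching: an exact pattern wins, otherwise the
// longest "/prefix/*" pattern that covers the path.
function matchConstraint(path) {
  let best = null;
  for (const c of constraints) {
    if (c.pattern === path) return c;
    if (!c.pattern.endsWith("/*")) continue;
    const prefix = c.pattern.slice(0, -2);
    const covers = path === prefix || path.startsWith(prefix + "/");
    if (covers && (best === null || prefix.length > best.prefixLength)) {
      best = { ...c, prefixLength: prefix.length };
    }
  }
  return best;
}

// Role the container would demand for a URL typed into the address bar.
function requiredRole(href) {
  const path = requestTarget(href).split("?")[0];
  const match = matchConstraint(path);
  return match ? match.role : null;
}

// Constructed sample URLs.
for (const href of [
  "https://examplehost.com/#/dashboard",             // SPA route: server only sees "/"
  "https://examplehost.com/dashboard",               // real server path
  "https://examplehost.com/api/dashboard/stats?d=7", // hypothetical API call
]) {
  console.log(href, "->", requestTarget(href), "->", requiredRole(href));
}
```

The hash route resolves to the request target `/`, so only the `/*` constraint applies to it; a narrower role can only be enforced on paths the server actually receives, such as the endpoints the view loads its data from.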