• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Tomcat 6.0.32 HTTP Status 403 - Access to the requested resource has been denied

 
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello all,

I am trying to setup tomcat with my current source code. I downloaded the zip from tomcat site(version 6.0.32

I then put in the config file for my project in tomcatDir\conf\Catalina\localhost

I then added the users to tomcat-users.xml

When I hit my application using localhost:8080/, I get the login prompt as I am supposed to. After providing the right credentials, the tomcat throws 403 error. I am able to access the manager with localhost:8080/manager/

Any help appreciated. Stuck on this for 2 days now.

Thanks.

tomcat-users.xml :

<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="5c50nD" roles="admin,manager"/>
<user username="nih\kishorev" password="altum" roles="admin,manager"/>
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Looks fine with a quick glance. Perhaps the \ in the username is boofing things up? I'd try a username with just "normal" characters.
 
Viidhya Kishore
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
but that is the username it authenticates in the database.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'd just try it to see if that's the issue. If not, then it's something else.
 
Viidhya Kishore
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok.
Will try it now.
 
Viidhya Kishore
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Nope.
That didnt work too.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK, then we know it's something else.

Oh wait a minute... I thought you were trying to hit the manager app, but you say that's working. But you are getting a prompt when hitting the root app? That shouldn't be protected at all. Did you change something about the root app?
 
Viidhya Kishore
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My application has an authorization to enter.
So when I try to access my application, it prompts me for credentials the way it is supposed to.
But after entering the credentials it gives me the 403.

I cant see anything in the log.
Just says Server started.... as the last entry.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ah, so you've replaced Tomcat's default root app with your own?

I don't rely upon Tomcat's system for authentication (do you really want to have to record all your users in tomact_users.xml rather than a database?), so someone else who knows it better will have to help.

You'll probably need to include more info on how the app is configured.
 
Ranch Hand
Posts: 327
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The tomcat-users.xml section that contains the role information is commented out by default. Did you un-comment those lines?

And wouldn't you want to use a JNDI Realm and maybe check users against your active directory, and or in a database - DataSourceRealm?

And without seeing your web.xml, how do we know you setup basic authentication, or form authentication...?

And without seeing your server.xml, how do we know you didn't set your org.apache.catalina.realm.UserDatabaseRealm to store digested passwords?

 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Ah, so you've replaced Tomcat's default root app with your own?

I don't rely upon Tomcat's system for authentication (do you really want to have to record all your users in tomact_users.xml rather than a database?), so someone else who knows it better will have to help.

You'll probably need to include more info on how the app is configured.



tomcat-users.xml and the Realm that uses it is really only intended for quick-and-dirty stuff. Real production webapps should be using a more robust Realm like one of the database or LDAP-based Realms.

tomcat-users is fine for testing, and the great thing about it is that a simple reconfiguration of the webapp Context or server.xml can then be used to use a "real" realm in production without any code changes. But as a data center operations solution, it's a nightmare. Not only would it require operators or security personnel to go mucking around in the server config directory, you can only get new/changed users to "take" by restarting Tomcat.

A userid in the form "aaaa\bbbb" usually means that the real ID is a user within a domain. Normally, a backslash is just begging for trouble, since it's Java's escape character, but tomcat-users.xml is (obviously!) an XML file, and backslashes aren't "magic" to XML, so I can't venture a guess on that one.
 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hello viidhya,

have you go to the services and restart the tomcat application?
i was just having the same problem as yours, i simply go to the windows services, and restart the Tomcat6 application.
then, i can login to the manager page.
 
reply
    Bookmark Topic Watch Topic
  • New Topic