wood burning stoves 2.0*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Regarding Authentication & Authorization Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Regarding Authentication & Authorization" Watch "Regarding Authentication & Authorization" New topic
Author

Regarding Authentication & Authorization

Akshay Singhvi
Ranch Hand

Joined: Nov 08, 2005
Posts: 93
Hi Ranchers,

Well my problem is I'm getting "HTTP Status 403 - Access to the requested resource has been denied" errror page.My <security-constraint> tag details are:
<security-constraint>
<web-resource-collection>
<web-resource-name>Authorization</web-resource-name>
<url-pattern>*.do</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>admin</auth-constraint>
</security-constraint>
-------------------------------------------------
while my tomcat-users.xml entry are:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="password-1" roles="admin,manager"/>
</tomcat-users>
-------------------------------------------------------------------
Well when i type <<http://localhost:8080/ELTest/Serv.do>> in my browser, a dialog box appears which ask for username and password when i type in
username: admin
password: password-1
it gives me HTTP status 403 error.
Can you tell me what thing I'm doing wrong..


Regards,<br />Akshay Singhvi<br />SCJP 1.4 (95%)<br />SCWCD 1.4 (86%)
Amit Tayal
Ranch Hand

Joined: Apr 25, 2006
Posts: 51
Hi Akshay
It seems that you forgot to put <login-config> tag in DD.
Try putting the below mentioned code in your DD and see whether the resource is available or not.

Amit

<login-config>
<auth-method>BASIC</auth-method>
</login-config>
Akshay Singhvi
Ranch Hand

Joined: Nov 08, 2005
Posts: 93
Hello Amit,

I have put <login-config> tag ,but still it is not working...
Amit Tayal
Ranch Hand

Joined: Apr 25, 2006
Posts: 51
There is a small mistake in <auth-contraint>
You forgot to add <role-name> over there.
code should me

<security-constraint>
<web-resource-collection>
<web-resource-name>Authorization</web-resource-name>
<url-pattern>*.do</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint>
Akshay Singhvi
Ranch Hand

Joined: Nov 08, 2005
Posts: 93
Hello Amit
Yes it worked Thankx!!!
 
Don't get me started about those stupid light bulbs.
 
subject: Regarding Authentication & Authorization