Tomcat 6.0.32 HTTP Status 403 - Access to the requested resource has been denied

 
Viidhya Kishore
Hello all,

I am trying to set up Tomcat with my current source code. I downloaded the zip from the Tomcat site (version 6.0.32).

I then put in the config file for my project in tomcatDir\conf\Catalina\localhost

I then added the users to tomcat-users.xml

When I hit my application using localhost:8080/, I get the login prompt as I am supposed to. After providing the right credentials, Tomcat throws a 403 error. I am able to access the manager with localhost:8080/manager/

Any help appreciated. Stuck on this for 2 days now.

Thanks.

tomcat-users.xml :

<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="5c50nD" roles="admin,manager"/>
<user username="nih\kishorev" password="altum" roles="admin,manager"/>
 
Bear Bibeault
Looks fine with a quick glance. Perhaps the \ in the username is boofing things up? I'd try a username with just "normal" characters.
 
Viidhya Kishore
But that is the username it authenticates in the database.
 
Bear Bibeault
I'd just try it to see if that's the issue. If not, then it's something else.
 
Viidhya Kishore
Ok.
Will try it now.
 
Viidhya Kishore
Nope.
That didn't work either.
 
Bear Bibeault
OK, then we know it's something else.

Oh wait a minute... I thought you were trying to hit the manager app, but you say that's working. But you are getting a prompt when hitting the root app? That shouldn't be protected at all. Did you change something about the root app?
 
Viidhya Kishore
My application has an authorization to enter.
So when I try to access my application, it prompts me for credentials the way it is supposed to.
But after entering the credentials it gives me the 403.

I can't see anything in the log.
Just says Server started.... as the last entry.
 
Bear Bibeault
Ah, so you've replaced Tomcat's default root app with your own?

I don't rely upon Tomcat's system for authentication (do you really want to have to record all your users in tomcat-users.xml rather than a database?), so someone else who knows it better will have to help.

You'll probably need to include more info on how the app is configured.
 
leo donahue
The tomcat-users.xml section that contains the role information is commented out by default. Did you un-comment those lines?

And wouldn't you want to use a JNDI Realm and maybe check users against your Active Directory, and/or in a database - DataSourceRealm?

And without seeing your web.xml, how do we know you set up basic authentication, or form authentication...?

And without seeing your server.xml, how do we know you didn't set your org.apache.catalina.realm.UserDatabaseRealm to store digested passwords?
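
A 403 after a successful login generally means the container authenticated the user but none of the user's roles appears in the `<auth-constraint>` of the application's web.xml. The following check is an added example, not part of the thread: it cross-references the two files and lists users who would log in and then be refused. Both file contents are constructed samples, the role name `app-user` and all function names are assumptions, and the `*` wildcard role is not handled.

```python
import xml.etree.ElementTree as ET
# Constructed sample files, not the poster's real configuration.
TOMCAT_USERS = """<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="example-only" roles="admin,manager"/>
  <user username="viewer" password="example-only" roles="manager"/>
  <!-- <user username="appuser" password="example-only" roles="app-user"/> -->
</tomcat-users>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>app-user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def user_roles(users_xml):
    """Map username -> set of roles; commented-out entries are dropped by the XML parser."""
    users = {}
    for el in ET.fromstring(users_xml).iter():
        if local(el.tag) == "user":
            roles = el.get("roles", "").split(",")
            users[el.get("username")] = {r.strip() for r in roles if r.strip()}
    return users

def required_roles(web_xml):
    """Yield (url_patterns, roles) for each security-constraint with an auth-constraint."""
    for sc in ET.fromstring(web_xml).iter():
        auth = [e for e in sc if local(e.tag) == "auth-constraint"]
        if local(sc.tag) != "security-constraint" or not auth:
            continue
        names = lambda tag: [e.text.strip() for e in sc.iter() if local(e.tag) == tag and e.text]
        yield names("url-pattern"), set(names("role-name"))

def forbidden_users(users_xml, web_xml):
    """Map url-pattern -> users who can authenticate but hold no required role (403)."""
    users = user_roles(users_xml)
    return {p: sorted(u for u, have in users.items() if not have & roles)
            for patterns, roles in required_roles(web_xml) for p in patterns}

if __name__ == "__main__":
    print(forbidden_users(TOMCAT_USERS, WEB_XML))
```

In the sample, both active users hold only `admin`/`manager`, so they reach the manager app but are refused by an application that requires `app-user`; the only user with that role is still inside an XML comment.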

 
Tim Holloway
Bear Bibeault wrote: Ah, so you've replaced Tomcat's default root app with your own?

I don't rely upon Tomcat's system for authentication (do you really want to have to record all your users in tomcat-users.xml rather than a database?), so someone else who knows it better will have to help.

You'll probably need to include more info on how the app is configured.


tomcat-users.xml and the Realm that uses it is really only intended for quick-and-dirty stuff. Real production webapps should be using a more robust Realm like one of the database or LDAP-based Realms.

tomcat-users is fine for testing, and the great thing about it is that a simple reconfiguration of the webapp Context or server.xml can then be used to use a "real" realm in production without any code changes. But as a data center operations solution, it's a nightmare. Not only would it require operators or security personnel to go mucking around in the server config directory, you can only get new/changed users to "take" by restarting Tomcat.

A userid in the form "aaaa\bbbb" usually means that the real ID is a user within a domain. Normally, a backslash is just begging for trouble, since it's Java's escape character, but tomcat-users.xml is (obviously!) an XML file, and backslashes aren't "magic" to XML, so I can't venture a guess on that one.
 
bergas bimo
Hello Viidhya,

Have you gone to the services and restarted the Tomcat application?
I was just having the same problem as yours; I simply went to the Windows services and restarted the Tomcat6 application.
Then I could log in to the manager page.
 