Tomcat 6.0.32 HTTP Status 403 - Access to the requested resource has been denied

Viidhya Kishore
Ranch Hand

Joined: Jan 03, 2007
Posts: 99
Hello all,

I am trying to set up Tomcat with my current source code. I downloaded the zip from the Tomcat site (version 6.0.32).

I then put in the config file for my project in tomcatDir\conf\Catalina\localhost

I then added the users to tomcat-users.xml

When I hit my application using localhost:8080/, I get the login prompt as I am supposed to. After providing the right credentials, Tomcat throws a 403 error. I am able to access the manager with localhost:8080/manager/

Any help appreciated. Stuck on this for 2 days now.

Thanks.

tomcat-users.xml :

<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="5c50nD" roles="admin,manager"/>
<user username="nih\kishorev" password="altum" roles="admin,manager"/>
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61433
    

Looks fine with a quick glance. Perhaps the \ in the username is boofing things up? I'd try a username with just "normal" characters.


Viidhya Kishore
Ranch Hand

Joined: Jan 03, 2007
Posts: 99
But that is the username it authenticates in the database.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61433
    

I'd just try it to see if that's the issue. If not, then it's something else.
Viidhya Kishore
Ranch Hand

Joined: Jan 03, 2007
Posts: 99
Ok.
Will try it now.
Viidhya Kishore
Ranch Hand

Joined: Jan 03, 2007
Posts: 99
Nope.
That didn't work either.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61433
    

OK, then we know it's something else.

Oh wait a minute... I thought you were trying to hit the manager app, but you say that's working. But you are getting a prompt when hitting the root app? That shouldn't be protected at all. Did you change something about the root app?
Viidhya Kishore
Ranch Hand

Joined: Jan 03, 2007
Posts: 99
My application has an authorization to enter.
So when I try to access my application, it prompts me for credentials the way it is supposed to.
But after entering the credentials it gives me the 403.

I can't see anything in the log.
Just says Server started.... as the last entry.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61433
    

Ah, so you've replaced Tomcat's default root app with your own?

I don't rely upon Tomcat's system for authentication (do you really want to have to record all your users in tomcat-users.xml rather than a database?), so someone else who knows it better will have to help.

You'll probably need to include more info on how the app is configured.
leo donahue
Ranch Hand

Joined: Apr 17, 2003
Posts: 327
The tomcat-users.xml section that contains the role information is commented out by default. Did you un-comment those lines?

And wouldn't you want to use a JNDI Realm and maybe check users against your Active Directory, and/or in a database - DataSourceRealm?

And without seeing your web.xml, how do we know you set up basic authentication, or form authentication...?

And without seeing your server.xml, how do we know you didn't set your org.apache.catalina.realm.UserDatabaseRealm to store digested passwords?



Thanks, leo
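
One way to run the check this post asks for, as an added example that is not part of the original thread: Tomcat answers 403 rather than re-prompting when the login succeeds but the user holds none of the roles named in the web.xml auth-constraint. The sketch below cross-references the two files; the sample XML, the role name appuser and the user alice are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files for illustration (not the poster's real config).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>appuser</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
TOMCAT_USERS = """<tomcat-users>
  <role rolename="manager"/>
  <user username="admin" password="REDACTED" roles="admin,manager"/>
  <!-- <user username="alice" password="REDACTED" roles="appuser"/> -->
</tomcat-users>"""

def find(root, name):
    """Return elements by local name, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def required_roles(web_xml):
    """Map each protected url-pattern to the roles its auth-constraint names."""
    out = {}
    for sc in find(ET.fromstring(web_xml), "security-constraint"):
        if not find(sc, "auth-constraint"):
            continue  # no auth-constraint: the pattern is not role-protected
        roles = {e.text.strip() for e in find(sc, "role-name") if e.text}
        for pat in find(sc, "url-pattern"):
            out.setdefault(pat.text.strip(), set()).update(roles)
    return out

def user_roles(users_xml):
    """Map username to roles; commented-out <user> entries are never parsed."""
    return {u.get("username"): {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
            for u in find(ET.fromstring(users_xml), "user")}

def audit(web_xml, users_xml):
    """Per protected pattern, list the users who hold a required role.
    An empty list means every successful login ends in a 403.
    (The special role-name "*" is not handled here.)"""
    users = user_roles(users_xml)
    return {pat: sorted(n for n, held in users.items() if held & roles)
            for pat, roles in required_roles(web_xml).items()}

if __name__ == "__main__":
    print(audit(WEB_XML, TOMCAT_USERS))
```

With the constructed files, no user can pass the role check for /*, because the only entry holding appuser is still inside an XML comment.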
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145
    

Bear Bibeault wrote: Ah, so you've replaced Tomcat's default root app with your own?

I don't rely upon Tomcat's system for authentication (do you really want to have to record all your users in tomcat-users.xml rather than a database?), so someone else who knows it better will have to help.

You'll probably need to include more info on how the app is configured.


tomcat-users.xml and the Realm that uses it is really only intended for quick-and-dirty stuff. Real production webapps should be using a more robust Realm like one of the database or LDAP-based Realms.

tomcat-users is fine for testing, and the great thing about it is that a simple reconfiguration of the webapp Context or server.xml can then be used to use a "real" realm in production without any code changes. But as a data center operations solution, it's a nightmare. Not only would it require operators or security personnel to go mucking around in the server config directory, you can only get new/changed users to "take" by restarting Tomcat.

A userid in the form "aaaa\bbbb" usually means that the real ID is a user within a domain. Normally, a backslash is just begging for trouble, since it's Java's escape character, but tomcat-users.xml is (obviously!) an XML file, and backslashes aren't "magic" to XML, so I can't venture a guess on that one.


bergas bimo
Greenhorn

Joined: Oct 21, 2010
Posts: 2
Hello Viidhya,

Have you gone to the services and restarted the Tomcat application?
I was just having the same problem as yours; I simply went to the Windows services and restarted the Tomcat6 application.
Then I could log in to the manager page.
 