aspose file tools*
The moose likes Tomcat and the fly likes <role-name>*</role-name> but still 403 error occured Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "<role-name>*</role-name> but still 403 error occured" Watch "<role-name>*</role-name> but still 403 error occured" New topic
Author

<role-name>*</role-name> but still 403 error occured

Art Akc
Greenhorn

Joined: Aug 20, 2012
Posts: 4
Hi, All. This is my web.xml



As you can see there is <role-name>*</role-name> in web.xml, but if i try to run this servlet , 403 error occured. I use Tomcate 7.
If i include

into my web.xml and log in correctly, the servlet works in a proper way. I have pointed <role-name>*</role-name> in web.xml and in this case the servlet should work with any roles and without authentication. Please, explain me the reason.
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10288
    
168

<role-name>*</role-name> doesn't really mean any authenticated user. Instead, it means, allow access to authenticated users who belong to at least one role listed in the <security-role> element of the web.xml of the application. So in your example the user has to belong to admin role (since that's the only one listed). This is a behaviour change between how Tomcat handled this in previous versions. The behaviour can be controlled by setting the allRolesMode attribute of the Realm element in the server.xml. See this mailing list discussion for details http://www.mail-archive.com/users@tomcat.apache.org/msg16232.html.

The other way is to fix this the right way (as per the Servlet spec) by listing all the role-name(s) under the security-role element and then using * under the role-name of the security-constraint element.

[My Blog] [JavaRanch Journal]
Art Akc
Greenhorn

Joined: Aug 20, 2012
Posts: 4
Thank you Jaikiran Pai. This info is useful for me.
 
jQuery in Action, 2nd edition
 
subject: <role-name>*</role-name> but still 403 error occured