Meaningless Drivel is fun!*
The moose likes Tomcat and the fly likes password authentication causes 403 error Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "password authentication causes 403 error" Watch "password authentication causes 403 error" New topic
Author

password authentication causes 403 error

Paul Mackinlay
Greenhorn

Joined: Aug 26, 2004
Posts: 2
I would like to set up my development tomcat-5.0.28 (on port 8080) so that all webapps that are not password protected to have password authentification.

I have this in my web.xml:

<security-constraint>
<web-resource-collection>
<url-pattern>/</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint role-name="admin"/>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>


I have this in my tomcat-users.xml:

<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="mylogin" password="mypassword" roles="admin,manager,role1"/>
</tomcat-users>

If I go to http://localhost:8080/manager it asks me to login and then gives me access to the webapp as expected. If I go to http://localhost:8080/ it asks me to login and if I get it wrong is gives me a 401 error as expected but if I get it right it gives me a 403 error instead of allowing access to the webapp. This happens with all webapps that do not have their own authentication.

How do I configure tomcat to give me access to my webapps when I login correctly?

Thanks,

Paul


Web Orientated Technologies webotech.co.uk<br />Tel: +44(0)7050 699971 Fax: +44(0)7050 699972<br />paul@webotech.co.uk
Paul Mackinlay
Greenhorn

Joined: Aug 26, 2004
Posts: 2
OK, I've worked this one out. My web.xml was wrong. You can't have:
<auth-constraint role-name="admin"/>

It has to be:
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>

Paul
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: password authentication causes 403 error