Hi, I'm looking at a form-based authentication example (downloaded from
http://www.onjava.com/lpt/a/1024 near bottom of page). I check my Tomcat logs and I see that I have logged in successfully, but after I log in, I get the message "HTTP Status 403 - Access to the requested resource has been denied". I'm using a SQL Server 2000 ODBC datasource.
I downloaded the above webapp and made the following changes:
1. In SQL Server 2000: I have a "users" table with username and pswd columns
2. Added realm to Tomcat's \conf\server.xml:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
connectionURL="jdbc:odbc:testMarvel"
connectionName="marveluser" connectionPassword="marveluser"
userTable="users" userNameCol="username" userCredCol="pswd"
userRoleTable="user_roles" roleNameCol="rolename" />
3. Added "manager" from my "user_roles" table to a role in my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description>Security constraint for resources in the secure directory</description>
<url-pattern>/secure/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint><description>only let the system user login </description>
<role-name>manager</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginForm.html</form-login-page>
<form-error-page>/LoginError.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>The Secure ROLE</description>
<role-name>manager</role-name>
</security-role>
4. When I try to log in using "ghostrider" and "password" (values from my 'username' and 'pswd' columns in my users table) and check the Tomcat logs, I get: "Username ghostrider successfully authenticated", but I get the message "HTTP Status 403 - Access to the requested resource has been denied".
Can anyone give me an idea what is wrong? If I take out my realm configuration from server.xml and use the default Tomcat login ("admin" with no password), I get in perfectly.
Thanks so much,
Carmen
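
With this configuration the credential lookup and the role lookup are separate queries, and the 403 is issued after the first one has already succeeded. The following is an added example, not code from the post or from the onjava.com webapp: it mimics both lookups against a constructed in-memory SQLite database standing in for the SQL Server tables. The user "blade", the role rows, and the function names are assumptions made for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constraint taken from the post's web.xml, trimmed to what the check needs.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/secure/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def required_roles(web_xml):
    """Role names listed under <auth-constraint> in the descriptor."""
    root = ET.fromstring(web_xml)
    return {r.text.strip() for r in root.findall(".//auth-constraint/role-name") if r.text}

def sample_db():
    """Constructed rows; table and column names follow the post's Realm attributes."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, pswd TEXT);
        CREATE TABLE user_roles (username TEXT, rolename TEXT);
        INSERT INTO users VALUES ('ghostrider', 'password'), ('blade', 'password');
        INSERT INTO user_roles VALUES ('blade', 'manager'), ('ghostrider', 'Manager');
    """)
    return db

def realm_check(db, user, password, needed):
    """Return (outcome, roles): credential lookup first, then the role lookup."""
    row = db.execute("SELECT pswd FROM users WHERE username = ?", (user,)).fetchone()
    # Cleartext comparison, matching a Realm element with no digest attribute.
    if row is None or row[0] != password:
        return ("login-error", set())
    # The role query keys on the same column name (userNameCol) in userRoleTable.
    roles = {r[0] for r in db.execute(
        "SELECT rolename FROM user_roles WHERE username = ?", (user,))}
    # Role names must match the <role-name> text exactly.
    return ("ok" if roles & needed else "403", roles)

if __name__ == "__main__":
    db, needed = sample_db(), required_roles(WEB_XML)
    for user in ("blade", "ghostrider"):
        outcome, roles = realm_check(db, user, "password", needed)
        print(user, outcome, "has", sorted(roles), "needs", sorted(needed))
```
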