Re: password authentication causes 403 error

Sun, 18 Sep 2005 09:50:19 -0700

Thanks Bill - that did it! Bill Barker writes:
<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] 
Hi there,
I would like to set up my development tomcat-5.0.28 (on port 8080) so that all webapps that are not password protected, to have password authentification. Since it is my dev box I would like to use the memory realm. 
I have this in my web.xml:
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint role-name="admin"/>


It's:
  <auth-constraint>
      <role-name>admin</role-name>

  </auth-constraint> 

What you have (other than being invalid, if validation-checking was enabled 
:), tells Tomcat to forbid access to everyone. 


<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>

</login-config> 


I have this in my tomcat-users.xml:
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>

<user username="mylogin" password="mypassword" 
roles="admin,manager,role1"/>

</tomcat-users>

If I go to http://localhost:8080/manager it asks me to login and then 
gives me access to the webapp as expected. If I go to 
http://localhost:8080/ it asks me to login and if I get it wrong is gives 
me a 401 error as expected but if I get it right it gives me a 403 error 
instead of allowing access to the webapp. This happens with all webapps 
that do not have their own authentication.
How do I configure tomcat to give me access to my webapps when I login 
correctly?

Thanks,
Paul
--
Paul Mackinlay (PhD, MEng)
http://www.webotech.co.uk/
[EMAIL PROTECTED]
Tel: +44(0)7050 699971

Fax: +44(0)7050 699972 

 

 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]

For additional commands, e-mail: [EMAIL PROTECTED] 





--
Paul Mackinlay (PhD, MEng)
http://www.webotech.co.uk/
[EMAIL PROTECTED]
Tel: +44(0)7050 699971

Fax: +44(0)7050 699972 



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to