Hi, i'm working with Tomcat and i've configured a Realm for user authentication against Oracle OID. Sniffing the communication between the client and the OID server everything seems to be fine, but when the user authenticates the application then displays the 403 forbidden error page.
This is the security section in the app web.xml, the role to validate is authenticated_users. It only works when I put the role as * but it doesn't when i put authenticated_users. Why could this be happening? <security-constraint> <web-resource-collection> <web-resource-name>protected</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>authenticated_users</role-name> </auth-constraint> </security-constraint> <security-role> <role-name>authenticated_users</role-name> </security-role> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config>