Hi, I'm working with Tomcat and I've configured a Realm for user
authentication against Oracle OID. Sniffing the communication between the
client and the OID server, everything seems to be fine, but when the user
authenticates, the application then displays the 403 Forbidden error page.

This is the security section in the app's web.xml; the role to validate is
authenticated_users. It only works when I put the role as * but it doesn't
when I put authenticated_users. Why could this be happening?

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>protected</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>authenticated_users</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <role-name>authenticated_users</role-name>
    </security-role>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>

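An added example, not part of the original post: a small Python check that reads the descriptor fragment above and compares the roles its auth-constraint demands with the role names a realm hands back for the user. The function names and the realm role lists are assumptions made for illustration; role names are compared exactly, so a difference in case alone leaves an authenticated user with a 403.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the descriptor fragment from the post, wrapped in a root element.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>authenticated_users</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>authenticated_users</role-name>
  </security-role>
</web-app>"""

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def roles_under(root, parent):
    """Role names found below every <parent> element, whitespace-trimmed."""
    return {(r.text or "").strip()
            for p in root.iter() if local(p.tag) == parent
            for r in p.iter() if local(r.tag) == "role-name"}

def audit(web_xml, realm_roles):
    """Compare roles the descriptor demands with roles the realm returned."""
    root = ET.fromstring(web_xml)
    required = roles_under(root, "auth-constraint")
    declared = roles_under(root, "security-role")
    findings = []
    for role in sorted(required):
        if role == "*":
            findings.append("'*' accepts any role declared in <security-role>")
        elif role not in declared:
            findings.append(f"{role!r} is required but not declared in <security-role>")
        if role != "*" and role not in realm_roles:
            near = [r for r in realm_roles if r.strip().lower() == role.lower()]
            hint = f"; realm has near match {near[0]!r}" if near else ""
            findings.append(f"{role!r} not among realm roles{hint}: expect 403")
    return findings
```

Calling `audit(WEB_XML, roles)` with the role names the realm actually resolves for the user (taken from the realm's debug logging, for instance) returns an empty list when the constraint can be satisfied.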