security on tomcat

francy77, Aug 11 2013 — edited Aug 15 2013

Hi all,

Maybe this is not the right place for this question, but I'm in serious trouble, so I'll try anyway.

I've tried configuring Tomcat (both Apache Tomcat 7.0.27 and Apache Tomcat 7.0.34) to use the UserDatabase realm (that is, using tomcat-user.xml as a database).

I’m using netbeans 7.3.

When I try to access the resources, even when entering the right username and password, I see the following:

HTTP Status 403 - Access to the requested resource has been denied


type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.


Apache Tomcat/7.0.27

These are the steps I did:

1) Adding the following statements to tomcat-user.xml:

  <role rolename="UserRole"/>
  <user username="user" password="uuu" role="UserRole"/>

2) Making sure that the following statements are present in server.xml:

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
      type="org.apache.catalina.UserDatabase"
      description="User database that can be updated and saved"
      factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
      pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
      resourceName="UserDatabase"/>
  </Realm>

3) Configuring web.xml (inside the WEB-INF directory) as follows:

  <?xml version="1.0" encoding="UTF-8"?>
  <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <session-config>
      <session-timeout>30</session-timeout>
    </session-config>
    <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
      <display-name>VincoloUtente</display-name>
      <web-resource-collection>
        <web-resource-name>area protetta</web-resource-name>
        <description/>
        <url-pattern>/CartellaProtetta/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <description/>
        <role-name>UserRole</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
    <security-role>
      <description>Utenti che hanno questo ruolo (user) possono accedere all'area protetta</description>
      <role-name>UserRole</role-name>
    </security-role>
  </web-app>

4) Creating the files index.jsp, login.jsp and error.jsp.

5) Creating the path and file at “web pages/CartellaProtetta/fileProtetto.html”

It seems that this kind of authentication no longer works (with Tomcat 7.xx). Could you give me some helpful indication, or tell me whether this is a bug inside Tomcat?

Thanks very much

Francesco

Italy
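
A 403 after a successful FORM login means the user was authenticated but holds none of the roles named in the matching auth-constraint. The script below is an added example, not part of the original post: it cross-checks the roles required by web.xml against those granted in the user file, reading grants from the `roles` attribute that Tomcat's user database uses, so an entry written with `role=` as in step 1 is reported as holding no role. The inline XML is constructed sample input and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample input mirroring the two files in the post.
TOMCAT_USERS = """<tomcat-users>
  <role rolename="UserRole"/>
  <user username="user" password="uuu" role="UserRole"/>
</tomcat-users>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/CartellaProtetta/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>UserRole</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace: '{ns}role-name' -> 'role-name'."""
    return tag.rsplit("}", 1)[-1]

def granted_roles(users_xml):
    """Map username -> roles, reading only the 'roles' attribute."""
    grants = {}
    for el in ET.fromstring(users_xml).iter():
        if local(el.tag) == "user":
            roles = el.get("roles", "")  # 'role=' is not a grant
            grants[el.get("username")] = {r.strip() for r in roles.split(",") if r.strip()}
    return grants

def required_roles(web_xml):
    """Collect every role name listed under an <auth-constraint>."""
    needed = set()
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "auth-constraint":
            needed |= {c.text.strip() for c in el
                       if local(c.tag) == "role-name" and c.text}
    return needed

def audit(users_xml, web_xml):
    """Return (required roles no user holds, users holding no role)."""
    grants = granted_roles(users_xml)
    unheld = required_roles(web_xml) - set().union(*grants.values())
    return sorted(unheld), sorted(u for u, r in grants.items() if not r)

if __name__ == "__main__":
    print(audit(TOMCAT_USERS, WEB_XML))
```

Both lists come back empty once every required role is granted to at least one user through `roles="..."`.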

Locked on Sep 12 2013
Added on Aug 11 2013