You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Bruno Gonçalves <bv...@myrealbox.com> on 2005/02/21 11:37:36 UTC
HTTP Status 403 (tomcat 5.0.28 & JAASRealm)
When I login in my application with a username&password valid I get a
HTTP Status 403!
I'm using Tomcat 5.0.28 and JAASRealm.
I already looked into in my web.xml, and I think is alright.
The valid username & password: admin / admin
Anyone knows what's the problem?
Thanks..
web.xml:
<!-- login config -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/web/layouts/*</url-pattern>
<url-pattern>/web/jsp/das/*</url-pattern>
<!-- If you list http methods, only those methods are
protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this
area -->
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>JAASRealm</realm-name>
<form-login-config>
<form-login-page>/security/login.jsp</form-login-page>
<form-error-page>/security/login.jsp?error=1</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>admin</role-name>
</security-role>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org