Question

tomcat7: server.xml

<Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <!--<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>-->
        <Realm className="org.apache.catalina.realm.JDBCRealm"
               debug="99"
               driverName="oracle.jdbc.driver.OracleDriver"
               connectionURL="jdbc:oracle:thin:@localhost:1521:orcl"
               connectionName="usertemp"
               connectionPassword="usertemp"
               userTable="users"
               userNameCol="username"
               userCredCol="password"
               userRoleTable="user_roles"
               roleNameCol="rolename" />
      </Realm>

tomcat-users.xml:

<tomcat-users>

  <role rolename="manager"/>
  <user username="user1" password="password" roles="manager"/>
</tomcat-users>

web.xml:

<web-app>
    <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
         <url-pattern>/protected/*</url-pattern>
         <url-pattern>/1/*</url-pattern>
         <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
           <role-name>manager</role-name>
      </auth-constraint>
      <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
    </security-constraint>


    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
    <security-role>
        <description> An administrator </description>
        <role-name>manager</role-name>
    </security-role>
</web-app>

1) When I enter the URL [http://localhost:8080/security-form-based/protected/index.jsp] in IE, 2) I am sent back to login and forwarded to login.jsp, where I enter the username and password, 3) but I get the error page back and I can't visit index.jsp:

HTTP Status 403 - Access to the requested resource has been denied

So, I don't know why. Can anyone help me? Thanks.


Solution

You have configured JDBCRealm, but attached the example of tomcat-users.xml, which is used by the commented-out UserDatabaseRealm. The problem is (probably) that your JDBCRealm does not return the role manager for your user. To be sure, switch to UserDatabaseRealm.
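
To see why a correct login can still end in 403, the sketch below mirrors the two lookups a JDBCRealm performs, using the table and column names from the question's server.xml (an added example, not part of the original answer). In-memory SQLite stands in for the Oracle database; the rows and the helper names `make_db` and `access_status` are constructed for illustration.

```python
import hmac
import sqlite3

# Queries built from the Realm attributes in server.xml:
# userTable/userNameCol/userCredCol and userRoleTable/roleNameCol.
CRED_SQL = "SELECT password FROM users WHERE username = ?"
ROLE_SQL = "SELECT rolename FROM user_roles WHERE username = ?"
REQUIRED_ROLE = "manager"  # <auth-constraint> role in web.xml


def make_db(role_rows):
    """Constructed sample data; SQLite is an assumption standing in for Oracle."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE user_roles (username TEXT, rolename TEXT)")
    db.execute("INSERT INTO users VALUES ('user1', 'password')")
    db.executemany("INSERT INTO user_roles VALUES (?, ?)", role_rows)
    return db


def access_status(db, username, password):
    """Outcome of a FORM login followed by a request to /protected/*."""
    row = db.execute(CRED_SQL, (username,)).fetchone()
    # Step 1, authentication: the credential must match the users table.
    if row is None or not hmac.compare_digest(row[0].encode(), password.encode()):
        return "error.jsp"
    # Step 2, authorization: the role comes from user_roles, keyed by username.
    roles = {r[0] for r in db.execute(ROLE_SQL, (username,))}
    return "200" if REQUIRED_ROLE in roles else "403"


if __name__ == "__main__":
    cases = [
        ("no row in user_roles", []),
        ("role stored for another user", [("user2", "manager")]),
        ("manager row for user1", [("user1", "manager")]),
    ]
    for label, rows in cases:
        print(f"{label}: {access_status(make_db(rows), 'user1', 'password')}")
```

Running the same two SELECT statements by hand against the real database shows which step fails: an empty result from the second query for the logged-in user reproduces the 403 in the question.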

Licensed under: CC-BY-SA with attribution