You have configured JDBCRealm
, but attached the example of tomcat-users.xml, that is used for commented out UserDatabaseRealm
. The problem (probably) that your JDBCRealm
does not return role manager
for your user.
To be sure switch to UserDatabaseRealm
.
j-security-check tomcat security check is ok but jsp 403 error
-
30-05-2022 - |
Domanda
tomcat7: server.xml
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!--<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>-->
<Realm
className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@localhost:1521:orcl"
connectionName="usertemp"
connectionPassword="usertemp"
userTable="users"
userNameCol="username"
userCredCol="password"
userRoleTable="user_roles"
roleNameCol="rolename" />
</Realm>
tomcat-users.xml:
<tomcat-users>
<role rolename="manager"/>
<user username="user1" password="password" roles="manager"/>
</tomcat-users>
web.xml:
<web-app>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<url-pattern>/1/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
<user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description> An administrator </description>
<role-name>manager</role-name>
</security-role>
</web-app>
1) when i input url[http://localhost:8080/security-form-based/protected/index.jsp
] in ie,
2) back to login ,then forword to login.jsp ,input username and password,
3) but back error page and i can't visit the index.jsp :
HTTP Status 403 - Access to the requested resource has been denied
so ,i don't konw why? can anyone help me ? thanks.
Soluzione
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow