tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From p...@webotech.co.uk
Subject password authentication causes 403 error
Date Fri, 16 Sep 2005 16:05:44 GMT
Hi there, 

I would like to set up my development tomcat-5.0.28 (on port 8080) so that 
all webapps that are not password protected, to have password 
authentification. Since it is my dev box I would like to use the memory 
realm. 

I have this in my web.xml: 

<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint role-name="admin"/>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint> 

<login-config>
<auth-method>BASIC</auth-method>
</login-config> 


I have this in my tomcat-users.xml: 

<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="mylogin" password="mypassword" roles="admin,manager,role1"/>
</tomcat-users> 

If I go to http://localhost:8080/manager it asks me to login and then gives 
me access to the webapp as expected. If I go to http://localhost:8080/ it 
asks me to login and if I get it wrong is gives me a 401 error as expected 
but if I get it right it gives me a 403 error instead of allowing access to 
the webapp. This happens with all webapps that do not have their own 
authentication. 

How do I configure tomcat to give me access to my webapps when I login 
correctly? 

Thanks, 

Paul 

 --
Paul Mackinlay (PhD, MEng)
http://www.webotech.co.uk/
paul@webotech.co.uk
Tel: +44(0)7050 699971
Fax: +44(0)7050 699972

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message