tomcat-users mailing list archives

From Carsten Schiller
Subject JAASRealm, Tomcat 5.5 getting HTTP error page 403 Access denied
Date Thu, 20 Oct 2005 07:17:05 GMT

We are trying to implement a login/security environment using Tomcat 5.5's
JAASRealm and Struts as an MVC framework.
After login, which fails with error "HTTP Status 403 - Access to the
requested resource has been denied", we can navigate manually to our
output.jsp and use
<%= request.getUserPrincipal() %>,
<%= request.isUserInRole("administrator") %>
<logic:present role="administrator">
Admin present!
</logic:present>

These return the correct username, (true) for isUserInRole, and the logic tag
also works...
Our problem is: we protected *.do in our web.xml to be accessible only by
users in role "administrator", which fails as described above.
Why does the login fail, but we still get a valid Subject with Principals,
and can access the roles on the output.jsp?
We have been stuck for over a week now, reading tutorials, asking Google, but
with no success... Any ideas would be appreciated!

Our relevant source code:

----------------- Tomcat's server.xml
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
        <Realm className="org.apache.catalina.realm.JAASRealm" 
        <Host ...> </Host>

---------------------------- web.xml of our Project 
         </web-resource-collection >


Carsten Schiller.