tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henke <henrik.clae...@comhem.se>
Subject Wrong userrole gets me 403 error code
Date Mon, 08 May 2006 19:48:23 GMT
  Hi!

  In a application i´m using JDBCRealm and form-based login to
  authenticate the user. But i have som problems.

  When i enter a user with correct username, password and role everything
  works fine. Entering username or password incorrect i´m beeing
  redirected to the login-error-page, that´s correct. But when i enter
  username and password that exist in the DB but the user don´t have the
  correct role i´m still authenticated or get the error code 403, if i´m
  authenticated and click the logout i got the 403 message.

  All my application shares the symptoms, even admin and manager. Can i
  fix this??

  I searched the internet for an answer to this and found this Thread from
   years ago.
 
http://mail-archives.apache.org/mod_mbox/tomcat-users/200201.mbox/%3c01C199CA.B376DEC0@FORTE%3e




  And the answer:

 
http://mail-archives.apache.org/mod_mbox/tomcat-users/200201.mbox/%3c20020110082457.T52483-100000@icarus.apache.org%3e




  As it says the formbased doesn´t care about the role. But why does it
  care about it when you are using basic authentication.

  I don´t post any code because i´m followed the documentation to setup
  the JDBCRealm. The only difference is that my user_role is a view not a
  table. It´s in my opinion a ugly database design to only have
  "user_table" and "user_role" table in a many-to-many relationship....

  End talking about databasedesign. I simply wonder if it is any solution
  to this problem besides taking care of it in the application.

  Thanks a lot in advance!

  /Henrik



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message