tomcat-users mailing list archives

From Liyi Meng <meng.l...@gmail.com>
Subject Re: JAAS authentication goes OK, but 403 occurs on requesting resources
Date Wed, 02 Apr 2008 06:22:42 GMT

Hi Chuck,

Thanks for your reply. Here is the security-related part of my web.xml:

<security-constraint>
  <display-name>Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <!-- Define the context-relative URL(s) to be protected -->
    <url-pattern>/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>manager</role-name>
  </auth-constraint>
</security-constraint>

<!-- Default login configuration uses form-based authentication -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
    <form-login-page>/auth/login2.jsp</form-login-page>
    <form-error-page>/auth/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <role-name>manager</role-name>
</security-role>

The security role is there, I believe, but I run Tomcat in embedded
mode and start the JAASRealm like this:

    JAASRealm jaasRealm = new JAASRealm();
    this.embedded.setRealm(jaasRealm);
    jaasRealm.setUserClassNames("web.security.realm.WebUser");
    jaasRealm.setRoleClassNames("web.security.realm.WebRole");

    // Start the embedded server
    this.embedded.start();
    running = true;

I don't know if there is a problem in my Java code.

BR/Liyi


On Apr 2, 2008, at 12:34 AM, Caldarale, Charles R wrote:

>> From: Liyi Meng [mailto:meng.liyi@gmail.com]
>> Subject: JAAS authentication goes OK, but 403 occurs on
>> requesting resources
>
>> When login, authentication goes OK, but when requesting
>> a resource, I always get 403 access denied!
>
> What's in the <security-constraint>, <login-config>, and
> <security-role> sections of the web.xml for your webapp?  Have you
> left out the <security-role> element, by any chance?
>
>> Below is the code how I populate User and Role then save in Subject
>
> Your code is very similar to mine, which does work, so I don't think
> the problem's there.
>
>  - Chuck
>
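
An added example, not part of the original messages or of Tomcat's code: a stand-alone check of which role names a JAAS Subject yields when principals are matched by exact class name and the role name is taken from getName(), which is how JAASRealm uses its configured role class names. A login that succeeds but yields no role equal to the `manager` in the auth-constraint is answered with 403. The nested WebUser/WebRole classes, the user name and the role spelling are constructed stand-ins for the poster's own classes and data.

```java
import java.security.Principal;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class RoleMappingCheck {
    // Constructed stand-ins for web.security.realm.WebUser / WebRole.
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    static class WebUser extends Named { WebUser(String n) { super(n); } }
    static class WebRole extends Named { WebRole(String n) { super(n); } }

    // Collect role names the way the realm does: a principal counts as a role
    // only if its runtime class name is exactly one of the configured names
    // (subclasses and other packages do not match); the role is getName().
    static Set<String> rolesSeenByRealm(Subject subject, Set<String> roleClassNames) {
        Set<String> roles = new TreeSet<>();
        for (Principal p : subject.getPrincipals()) {
            if (roleClassNames.contains(p.getClass().getName())) {
                roles.add(p.getName());
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Subject as a LoginModule's commit() might leave it (constructed data).
        Subject subject = new Subject();
        subject.getPrincipals().add(new WebUser("alice"));
        subject.getPrincipals().add(new WebRole("Manager")); // capital M on purpose

        String required = "manager"; // <role-name> in the auth-constraint
        // First entry: the real runtime class name. Second: a configured name
        // that does not match the class actually placed in the Subject.
        List<String> configs = List.of(WebRole.class.getName(),
                                       "web.security.realm.WebRole");
        for (String configured : configs) {
            Set<String> roles = rolesSeenByRealm(subject, Set.of(configured));
            System.out.printf("roleClassNames=%s -> roles=%s, grants '%s': %b%n",
                    configured, roles, required, roles.contains(required));
        }
    }
}
```

Both runs report `false`: the first finds the role but with different capitalisation from the constraint, the second finds no role principal at all because the configured class name does not match the runtime class.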

