tomcat-users mailing list archives

From David Hoffer
Subject How to configure Tomcat 6.0 with JAAS?
Date Mon, 11 May 2009 19:14:33 GMT
No matter what I do...I always get an 'HTTP Status 403 - Access to the
requested resource has been denied error' displayed after authenticating in
Tomcat with JAAS.  Here is my configuration.

Tomcat 6.0.x

<Host name="localhost"  appBase="webapps" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">

<!-- JAAS config -->
<Realm className="org.apache.catalina.realm.JAASRealm"

Issues here...since TASUserPrincipal & TASGroupPrincipal are not available
yet (they are in my web app, which hasn't started), how can I delay
configuration until my web app has started? (Doubt this is the cause of the
error, however.)

My WebApp web.xml:

<!--Test code to get JAAS to work-->
            <web-resource-name>Test App</web-resource-name>
        <realm-name>Test App Realm</realm-name>
    <!--End JAAS code-->

Note that StartupServlet configures JAASConfiguration to load my custom

When my web app starts I do get the authentication dialog and I enter my
login info.  I have debugged my custom LoginModule and login() and commit()
both succeed/return true for the user.  However when the app continues I get
the 403 error stated above.

What am I doing wrong?  I don't understand if/how the role-name(s) specified
in the web.xml are validated at this point.  Do I have to tie my Subject
Principal to these roles somehow?  Or are these roles just used by the JAAS
logic after authentication is complete?  I will say that if I remove the
auth-constraint section then the login dialog is not even displayed.

Can someone point me to my error?

