tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julio César Chaves Fernández <hent...@gmail.com>
Subject Tomcat ldap authentication with 403 Forbidden error
Date Mon, 27 Sep 2010 17:01:24 GMT
Hi, i'm working with Tomcat and i've configured a Realm for user
authentication against Oracle OID. Sniffing the communication between the
client and the OID server everything seems to be fine, but when the user
authenticates the application then displays the 403 forbidden error page.

This is the security section in the app web.xml, the role to validate is
authenticated_users. It only works when I put the role as *  but it  doesn't
when i put authenticated_users. Why could this be happening?

<security-constraint>
        <web-resource-collection>
            <web-resource-name>protected</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>authenticated_users</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <role-name>authenticated_users</role-name>
    </security-role>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message