stackoom
  简体   繁体   中英

Error 403 when using Basic Authentication with Tomcat 8

 原文  2017-12-08 15:59:03       java/ tomcat/ proxy/ basic-authentication

Question

Hi Everyone,

I followed the steps in the below link to accomplish Basic Authentication with Tomcat and I was successfully able to achieve the result:

http://www.avajava.com/tutorials/lessons/how-do-i-use-basic-authentication-with-tomcat.html?page=1

I went then afterward to accomplish the same on an existing project I'm working on but I'm unfortunately getting error 403 ( Access to the specified resource has been forbidden) when trying to access the servlet either from the browser or through a java program. Error 403 means the user was authenticated but not authorized.

I did an in depth research on that issue but still I'm stuck there, so appreciate your help here.

Here is the tomcat-user.xml: 

 <role rolename="tomee-admin"/> <role rolename="adapter-role"/> <user password="tomee" roles="tomee-admin,manager-gui" username="tomee"/> <user username="adapter" password="adapterpwd" role="adapter-role"/>

Her is my web.xml: 

 <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <display-name>sbee-adapter</display-name> <security-constraint> <web-resource-collection> <web-resource-name>OZZ-Adapter</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>OZZ-Adapter</web-resource-name> <url-pattern>/API</url-pattern> </web-resource-collection> <auth-constraint> <role-name>adapter-role</role-name> </auth-constraint> </security-constraint> <servlet> <description></description> <servlet-name>IDP</servlet-name> <servlet-class>com.xxxx.ozz.adapter.ztee.IDP</servlet-class> </servlet> <servlet-mapping> <servlet-name>IDP</servlet-name> <url-pattern>/IDP</url-pattern> </servlet-mapping> <servlet> <description></description> <display-name>API</display-name> <servlet-name>API</servlet-name> <servlet-class>com.xxxx.ozz.adapter.ztee.API</servlet-class> </servlet> <servlet-mapping> <servlet-name>API</servlet-name> <url-pattern>/API</url-pattern> </servlet-mapping> <login-config> <auth-method>BASIC</auth-method> </login-config> </web-app>

My java code: 

HttpURLConnection con1 = (HttpURLConnection) urlSBEE_API.openConnection();
                con1.setRequestMethod("POST");
                String basis_encode = Base64.getEncoder().encodeToString(("adapter" + ":" + "adapterpwd").getBytes("UTF-8"));
                con1.setRequestProperty("Authorization", "Basic " + basis_encode);
    responseCode = con1.getResponseCode();
    System.out.println("Response code====== "+responseCode);

the responseCode value is being 403.

I made sure to include in the web.xml the 

<auth-method>BASIC</auth-method>

as I saw on the net many suggestions to do that.

On the other hand if in the java code I enter a wrong username and pwd then I get error 401 which is correct since it means user not authenticated.

I cleared browser cache and retired. still same issue.

Could the issue be related to Proxy setting???

My windows proxy settings are as follow: Use Automatic Configuration script, Address: http://proxy:8083/

I tried the following code as well: 

     Proxy proxy = new Proxy(Proxy.Type.HTTP,
                            new InetSocketAddress("Proxy"),
                                    Integer.parseInt("8083"));
        HttpURLConnection con1 = (HttpURLConnection) urlDistribution.openConnection(proxy);
    con1.setRequestMethod("POST");
    String basis_encode = Base64.getEncoder().encodeToString(("adapter" + ":" + "adapterpwd").getBytes("UTF-8"));
    con1.setRequestProperty("Authorization", "Basic " + basis_encode);
    responseCode = con1.getResponseCode();
   System.out.println("Response code====== "+responseCode);

I tried including the following before HttpURLConnection con1 : 

System.setProperty("http.nonProxyHosts", "<MY_LOCAL_HOST>");

but still no luck.

Thank you!

1 answers

solution1
 0 ACCPTED  2018-01-04 16:18:21

SOLUTION:

I just replaced in tomcat-user.xml: role="adapter-role"

WITH

roles ="adapter-role"

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question LDAP authentication for Tomcat - 403 error 403 Forbidden Error on Tomcat 7 When using POST or PUT Jaas Basic Authentication tomcat 7 Override Tomcat basic authentication How to configure basic authentication in tomcat 8.5? HTTP Error 401 Error 403 when accessing java servlet in tomcat root context using POST Tomcat 403 Error Centrally secure all tomcat webapps using BASIC authentication Tomcat Basic Authentication Permissions Issue amazon beanstalk tomcat basic authentication
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM